Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

SecurityInfo Problems #3103

Closed
anonymous-piwik-user opened this Issue · 6 comments

2 participants

Anonymous Piwik user Anthon Pang
Anonymous Piwik user

Hi!

I am trying to make my piwik installation as secure as possible using the Security plugin. I did research in the FAQ and other places and didn't find a solution! In my (windows) localhost I have no problems, but in my real server, I got several (8 in total)! One of them is:

Notice: Undefined offset:1 in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 538

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:538]#1 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]#2 PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:118]#3 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]#6 Piwik_SecurityInfo_Controller->index(...) called at [:]#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

The other 7 are variations of the above, with 1 substitued by 2, and 118 by 278. Any help would be very much appreciated!

Eduardo

Anthon Pang
Collaborator

What's the output of this script on your real host?

<?php  var_dump(exec('id'));
Anonymous Piwik user

Replying to vipsoft:

What's the output of this script on your real host?

<?php  var_dump(exec('id'));

Hello vipsoft!!!

The output of the script in my real server is:

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)" 
Anthon Pang
Collaborator

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback

Anonymous Piwik user

Replying to vipsoft:

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback

Hi vipsoft!

Hier are the outputs:

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]#3 PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]#4 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]#5 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]#6 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]#7 Piwik_SecurityInfo_Controller->index(...) called at [:]#8 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]#9 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:48]#3 PhpSecInfo_Test_Core_Uid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]#6 Piwik_SecurityInfo_Controller->index(...) called at [:]#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:57]#3 PhpSecInfo_Test_Core_Gid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]#4 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]#5 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]#6 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]#7 Piwik_SecurityInfo_Controller->index(...) called at [:]#8 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]#9 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:49]#3 PhpSecInfo_Test_Core_Gid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]#6 Piwik_SecurityInfo_Controller->index(...) called at [:]#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

And the output of

var_dump(exec('id'));

is

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)" 

Thanks so much for your concern and time!!!

Eduardo

Anthon Pang
Collaborator

It doesn't look like the patch applied cleanly because your line numbers don't jive with our copy. Please replace Test.php with this file from svn.

https://github.com/piwik/piwik/blob/master/6205/trunk/plugins/SecurityInfo/PhpSecInfo/Test/Test.php

Anonymous Piwik user

Hi vipsoft!!!

Thanks so much!!!

All those messages are gone forever!!!

Have nice one!!!

Eduardo

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.