Permissions Issues Following 2.0.19 -> 2.1.4 Upgrade

von Corax · September 05, 2023, 12:01:05 AM

The log entries generated are

von Corax
<User IP address>
<User session ID>
https://brassgoggles.net/forum/index.php?action=admin;area=serversettings;sa=general;save
/home/brassgog/public_html/forum/Sources/Subs-Admin.php (Line 1752)
Backtrace information

Type of error: General
Error message: [Select]
Failed to read new settings from $temp_sfile

Sesquipedalian · September 05, 2023, 12:49:59 AM

Okay. Here's another version to try.

von Corax · September 05, 2023, 01:06:05 AM

This produces paired log entries. The first is on line 1841:

Code Select

ParseError::__set_state(array(
   'message' => 'syntax error, unexpected token "elseif", expecting end of file',
   'string' => '',
   'code' => 0,
   'file' => '/home/brassgog/public_html/forum/Sources/Subs-Admin.php(1831) : eval()\'d code',
   'line' => 264,
   'trace' => 
  array (
    0 => 
    array (
      'file' => '/home/brassgog/public_html/forum/Sources/Subs-Admin.php',
      'line' => 1745,
      'function' => 'get_current_settings',
      'args' => 
      array (
        0 => 1693890201,
        1 => '/tmp/25b22b50858925cded59a0b10db9ce1dOfae9p',
      ),
    ),
    1 => 
    array (
      'file' => '/home/brassgog/public_html/forum/Sources/Subs-Admin.php',
      'line' => 1752,
      'function' => 'updateSettingsFile',
      'args' => 
      array (
        0 => 
        array (
          'auth_secret' => '8b53bfdb37a0563097453c4ef949f1927adfad91da535e0787aef5e430b12b72',
        ),
        1 => NULL,
        2 => true,
      ),
    ),
    2 => 
    array (
      'file' => '/home/brassgog/public_html/forum/Sources/Load.php',
      'line' => 4037,
      'function' => 'updateSettingsFile',
      'args' => 
      array (
        0 => 
        array (
          'auth_secret' => '8b53bfdb37a0563097453c4ef949f1927adfad91da535e0787aef5e430b12b72',
        ),
      ),
    ),
    3 => 
    array (
      'file' => '/home/brassgog/public_html/forum/Sources/Subs-Auth.php',
      'line' => 917,
      'function' => 'get_auth_secret',
      'args' => 
      array (
      ),
    ),
    4 => 
    array (
      'file' => '/home/brassgog/public_html/forum/Sources/Load.php',
      'line' => 628,
      'function' => 'hash_salt',
      'args' => 
      array (
        0 => '$2y$13$LUN/Np78FKAmHciGPTiCb.loYFihu/Yu0FN1ZUCayinHauRsIqlnC',
        1 => 'b3489ab68a9b99f4af221e883b7c78c0',
      ),
    ),
    5 => 
    array (
      'file' => '/home/brassgog/public_html/forum/index.php',
      'line' => 214,
      'function' => 'loadUserSettings',
      'args' => 
      array (
      ),
    ),
    6 => 
    array (
      'file' => '/home/brassgog/public_html/forum/index.php',
      'line' => 184,
      'function' => 'smf_main',
      'args' => 
      array (
      ),
    ),
  ),
   'previous' => NULL,
))

The second is from line 1748:

Code Select

/tmp/25b22b50858925cded59a0b10db9ce1dOfae9p

Sesquipedalian · September 05, 2023, 01:15:18 AM

Okay. So it is producing a syntax error. Can you open that temporary file in the second error message and inspect its contents?

von Corax · September 05, 2023, 01:18:23 AM

Quote from: Sesquipedalian on September 05, 2023, 01:15:18 AMOkay. So it is producing a syntax error. Can you open that temporary file in the second error message and inspect its contents?

It doesn't seem to exist.

m4z · September 05, 2023, 01:53:32 AM

Maybe PrivateTemp?

Sesquipedalian · September 05, 2023, 02:04:28 AM

Here's a third version. This one will save an additional copy of the temp file as derp.txt in your forum's base directory. Please inspect its contents and tell us what you find.

von Corax · September 05, 2023, 02:21:26 AM

It looks like a copy of Settings.php.

Sesquipedalian · September 05, 2023, 02:25:36 AM

Thanks. I have deleted your attachment, because it contained sensitive information. I will look at it shortly.

von Corax · September 05, 2023, 02:26:04 AM

Quote from: Sesquipedalian on September 05, 2023, 02:25:36 AMThanks. I have deleted your attachment, because it contained sensitive information. I will look at it shortly.

Thank you.

Sesquipedalian · September 05, 2023, 02:40:06 AM

It looks like your existing Settings.php file contains some code that shouldn't be there and that is breaking things when SMF tries to update the file.

Specifically, in your existing Settings.php, I think you will find a chunk of code that looks like this:

Code Select

if (file_exists(dirname(__FILE__) . '/install.php'))
{
    $secure = false;
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
        $secure = true;
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
        $secure = true;

    if (basename($_SERVER['PHP_SELF']) != 'install.php')
    {
        header('location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php');
        exit;
    }
}

That chunk of code is included in the copy of Settings.php that is distributed with the install packages, but it is usually deleted automatically during the install process. Somehow it was not deleted in your copy, and it is causing unexpected effects when SMF tries to update the file.

If you find and manually delete that chunk of code from your existing Settings.php file, I think that may solve the problem. As a favour to me, though, I would appreciate it if you could send me a copy of your existing Settings.php file before you make that change. I would like to do further tests to see if I can figure out exactly what broke and how to prevent it.

Also, you can now delete derp.txt and restore your original copy of Subs-Admin.php.

m4z · September 05, 2023, 03:32:46 AM

The Settings.php came from Sir Osis above, IIRC.

Sesquipedalian · September 05, 2023, 04:32:45 AM

Ah yes. I did not notice those posts before.

Although I have not yet tested this, I suspect that the cause of the issue here is a bug in repair_settings.php that has been exposed by the particular sequence of steps that were followed in this case:

Settings.php was manually replaced with a copy taken directly from the install package.
The repair_settings.php tool was used to change the values in Settings.php.
Unfortunately, repair_settings.php broke something, requiring von Corax to take this step:
Quote from: von Corax on September 02, 2023, 07:01:41 PMEDIT: Found that Settings.php (the new one) had an unpaired right brace on line 266. Placing a left brace at line 258 has at least fixed that problem and restored access to the forum.
This changed the expected syntax that updateSettingsFile() looks for when trying to find and remove the chunk of code that redirects to install.php. As a result, it was not removed properly.
That unexpected chunk of code then interfered with updateSettingsFile() in its attempts to do its job.

If I am correct, then the core problem lies with repair_settings.php. In particular, I suspect that repair_settings.php mangled the redirection code, which then forced von Corax to try to fix it, thereby setting off the rest of the chain of events. If so, then we need to look at improving repair_settings.php.

von Corax · September 05, 2023, 09:27:44 AM

Dang - I really hoped that would be it, but I couldn't find the code fragment you quoted. I've PMed you my current Settings.php file.

Sesquipedalian · September 05, 2023, 12:29:30 PM

Thanks for sending me that. You are right that your Settings.php file does not contain the complete code block in my previous post. Instead, it contains the following mangled fragment:

Code Select

    elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
{
        $secure = true;

    if (basename($_SERVER['PHP_SELF']) != 'install.php')
    {
        header('location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php');
        exit;
    }
}

This is the same code fragment where you previously inserted a { character in an attempt to fix the invalid syntax. That was a perfectly reasonable guess on your part, but unfortunately it was not what actually needed to be done. In fact, you should simply delete this code fragment. It is not supposed to be there at all.

Sir Osis of Liver · September 05, 2023, 04:27:42 PM

The Settings.php I posted is from 2.1.4 install package, it does contain the complete code. I've used it before, never caused a problem. Not seeing what it's doing here.

Sesquipedalian · September 05, 2023, 04:34:20 PM

The copy of Settings.php you posted is not the problem. The problem is repair_settings.php. I've opened a detailed bug report about it here and submitted a fix here.

SleePy · September 05, 2023, 06:02:00 PM

The tool has been updated on our downloads page.

von Corax · September 05, 2023, 10:48:44 PM

Quote from: Sesquipedalian on September 05, 2023, 12:29:30 PMThanks for sending me that. You are right that your Settings.php file does not contain the complete code block in my previous post. Instead, it contains the following mangled fragment:

Code Select Expand
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') { $secure = true; if (basename($_SERVER['PHP_SELF']) != 'install.php') { header('location: http' . ($secure ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install.php'); exit; } }
This is the same code fragment where you previously inserted a { character in an attempt to fix the invalid syntax. That was a perfectly reasonable guess on your part, but unfortunately it was not what actually needed to be done. In fact, you should simply delete this code fragment. It is not supposed to be there at all.

That fixed it. Thank you so much.

Sesquipedalian · September 05, 2023, 11:10:25 PM

Excellent. Glad to hear it!

News:

Permissions Issues Following 2.0.19 -> 2.1.4 Upgrade