Packages

  • Status In Progress
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    André Silva
  • Operating System Hyperbola GNU/Linux-libre
  • Severity Critical
  • Priority High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by fablamar - 29/09/2018
Last edited by André Silva - 30/09/2018

FS#1209 - [octopi] uploads system logs to ptpb.pw without confirmation

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

fablamar commented on 29.09.2018 10:48

the url is : https://ptpb.pw/ instead of : **https://ptpb.pw/

fablamar commented on 29.09.2018 11:24
fablamar commented on 29.09.2018 12:00

This patch fixes the url issue (test by myself), it can be added to : hyperbola-support.patch

diff --git a/src/globals.cpp b/src/globals.cpp
index 70ed78c..68dae63 100644
--- a/src/globals.cpp
+++ b/src/globals.cpp
@@ -252,6 +252,6 @@ QString generateSysInfo(QByteArray contents)
   tempFile->flush();
   tempFile->close();
 
-  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
+  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/", tempFile->fileName());
   re

turn ptpb;
}</code>

fablamar commented on 29.09.2018 12:02
Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing