Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when creating new Poll #151

Open
h3ll3 opened this issue Aug 9, 2023 · 2 comments · May be fixed by #152
Open

Error when creating new Poll #151

h3ll3 opened this issue Aug 9, 2023 · 2 comments · May be fixed by #152

Comments

@h3ll3
Copy link

h3ll3 commented Aug 9, 2023
edited

Hello Everybody,

i'm not sure if there's anyone out there who still looks into this section but at least i wanted to try finding somebody to help me.

Of course i've read the several posts here that were dealing with the same problem but all of them got closed with e.g. "i made everything new, now it works but i dont know why" ....so, i also made everything new but i am still unable to create new polls.

My Problem is: Dudle frontpage is working, check.cgi doesn't show any errors but every time i try to create a new poll i'm running into the same error:

"Error
An error occurred while executing DuD-Poll.
Please send an error report, including your browser, operating system, and what you did to [webmaster@10.xx.xx.xx](mailto:webmaster@yourserver.de)"

Dudle-Log shows:
[Wed Aug 09 14:23:04.492127 2023] [cgid:error] [pid 9683:tid 140036099913408] [client 10.242.2.4:61371] End of script output before headers: edit_columns.cgi, referer: http://10.xx.xx.xx/

I have installed the following tools on my Debian machine:

git (2.39.2)
ruby (ruby 3.1.2p20)
ruby-gettext
gettext
potool
ruby-dev 
libxml2-dev 
zlib1g-dev
ratom
passenger
libapache2-mod-passenger
Apache2 Webserver (2.4.57)

My Apache dudle.conf:

<VirtualHost *:80>
        DocumentRoot /var/www/dudle
        ErrorLog /var/log/dudle.error.log
        TransferLog /var/log/dudle.access.log
</VirtualHost>
<Directory /var/www/dudle/>
        Options +ExecCGI +FollowSymLinks +Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
        SetEnv GIT_AUTHOR_NAME "http user"
        SetEnv GIT_AUTHOR_EMAIL "foo@example.org"
        SetEnv GIT_COMMITTER_NAME "$GIT_AUTHOR_NAME"
        SetEnv GIT_COMMITTER_EMAIL "$GIT_AUTHOR_EMAIL"
</Directory>

The .htaccess file located in /var/www/dudle/ is the default one but i also tried adding "SetEnv GIT_..." params into it without success.

Output of cd /var/www/dudle/test8/

git log

commit b3fb4f673c912c81d9ebef2e01d0a57bcd4a754d (HEAD -> master)
Author: http user <foo@example.org>
Date:   Wed Aug 9 14:41:20 2023 +0200

    Poll test8 created

cat data.yaml

# This is a dudle poll file
--- !ruby/object:Poll
name: test8
head: !ruby/object:TimePollHead
  data: []
data: {}
comment: []

But i have to mention that i had to enter following command for not receiving any git errors

git config --global --add safe.directory '*'

Pls does anyone have an idea for my issue?

Thank you!
@xtaran
Copy link

xtaran commented Oct 9, 2023
edited

Ran into that, too, on Debian Testing with Ruby 3.1.2 (Debian package ruby3.1 at version 3.1.2-7) and as CGI behind an Apache HTTPd. Full error message:

AH01215: /usr/lib/ruby/3.1.0/psych/class_loader.rb:99:in `find': Tried to load unspecified class: Poll (Psych::DisallowedClass): /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/class_loader.rb:28:in `load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:424:in `resolve_class': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:213:in `visit_Psych_Nodes_Mapping': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych.rb:335:in `safe_load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych.rb:370:in `load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/dudle.rb:128:in `initialize': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi:34:in `new': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi:34:in `<main>': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
End of script output before headers: edit_columns.cgi, referer: https://[…]/poll/

Code is at 5893e39, i.e. current HEAD as of this writing. The only local changes were made to the .htaccess file for the subdirectory /poll/ used for the poll and changes from old Apache 2.2 access control syntax to modern 2.4 syntax.

libruby3.1 in Debian at the version mentioned above seems to provide ruby-psych at version 4.0.3. But there is also a dedicated ruby-psych package at version 5.0.2-1 available. But installing that on in addition brought no change.

@xtaran
Copy link

xtaran commented Oct 9, 2023

This seems to be the same issue as #145 and there is fix in there which helped for.

Will provide a patch via pull request later, but for now this shell snipped worked for me:

git grep -l YAML::load | xargs sed s/YAML::load/YAML::unsafe_load/ -i

xtaran added a commit to xtaran/dudle that referenced this issue Oct 9, 2023
@xtaran
Compat with newer Psych: Use safe_load with permitted_classes Poll an…
61831c3 
…d TimePollHead

Fixes kellerben#147, kellerben#151
xtaran added a commit to xtaran/dudle that referenced this issue Oct 9, 2023
@xtaran
Compat with newer Psych: Use safe_load with permitted_classes Poll an…
f761ae3 
…d TimePollHead

Fixes kellerben#145, kellerben#151
@xtaran xtaran linked a pull request Oct 9, 2023 that will close this issue
Open
xtaran added a commit to xtaran/dudle that referenced this issue Oct 10, 2023
@xtaran
Compat with newer Psych: Use safe_load with permitted_classes Poll an…
52e95bc 
…d TimePollHead

Fixes kellerben#145, fixes kellerben#151

Based on the discussion in kellerben#145, @dl8dtl's initial patch suggestion
and reading https://docs.ruby-lang.org/en/master/Psych.html to
understand the remaining open question by @JoJoDeveloping where the
config needs to go.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Compat with newer Psych: Use safe_load with permitted_classes Poll and TimePollHead xtaran/dudle
2 participants
@xtaran @h3ll3