Digibug Module Uncaught Exception

rasamassen

Joined: 2009-08-01
Posts: 12

Posted: Tue, 2009-08-11 18:17

PHP Info: http://lutheranlakeside.com/gallery3_test/info.php

In my G3B2 logs, I'm regularly getting the following error:
2009-08-10 14:24:07 -04:00 --- error: Uncaught Exception: @todo FORBIDDEN in file modules/gallery/helpers/access.php on line 176

I looked in my access logs, and this is what is always found when I get this type of exception:
66.249.66.19 - - [10/Aug/2009:14:24:06 -0400] "GET /gallery3_test/index.php/digibug/print_photo/57?csrf=681a2c5e27beda41adcf69416b8bdac1 HTTP/1.0" 200 1522 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

From what I figure, GoogleBot is following the Print link in the gallery and getting an error for whatever reason.

I tested this link on the latest experimental version, and the problem is still happening (http://lutheranlakeside.com/gallery3_test/index.php/digibug/print_photo/57?csrf=681a2c5e27beda41adcf69416b8bdac1).

---

So here's the error:
@todo FORBIDDEN

File: modules/gallery/helpers/access.php, line: 189
And here's how we got there:

* modules/gallery/helpers/access.php [390]:

access_Core::forbidden( )

* modules/digibug/controllers/digibug.php [22]:

access_Core::verify_csrf( )

*

Digibug_Controller->print_photo( 57 )

* system/core/Kohana.php [291]:

ReflectionMethod->invokeArgs( Digibug_Controller Object
(
[uri] => URI Object
(
)

[input] => Input Object
(
[use_xss_clean:protected] => 1
[magic_quotes_gpc:protected] => 1
[ip_address] =>
)

)
, Array
(
[0] => 57
)
)

*

Kohana::instance( )

* system/core/Event.php [209]:

call_user_func( Array
(
[0] => Kohana
[1] => instance
)
)

* system/core/Bootstrap.php [55]:

Event::run( system.execute )

* index.php [86]:

require( system/core/Bootstrap.php )

---

What is causing the error is straightforward. The csrf is unique for each session, and it's not validating properly. Your regular user won't run into this error. However, my error logs shouldn't be filling up with an error like this because it shouldn't happen that often (averaging 200 of these errors a day). Possible correction could be a robots.txt (simple, blocks GoogleBot and other spiders). I'm not sure what else would correct this, as I'm not that familiar with the architecture, but I'm betting a robots.txt is not the best solution.

floridave

Joined: 2003-12-22
Posts: 25945

Posted: Tue, 2009-08-11 20:37

please file a bug for this issue.
https://sourceforge.net/apps/trac/gallery/newticket

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

bharat

Joined: 2002-05-21
Posts: 7985

Posted: Thu, 2009-08-13 18:50

Wacky! Thanks for filing the ticket, we'll have to figure out a way to prevent this from happening.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!

rasamassen Joined: 2009-08-01 Posts: 12	Posted: Tue, 2009-08-11 18:17
	PHP Info: http://lutheranlakeside.com/gallery3_test/info.php In my G3B2 logs, I'm regularly getting the following error: 2009-08-10 14:24:07 -04:00 --- error: Uncaught Exception: @todo FORBIDDEN in file modules/gallery/helpers/access.php on line 176 I looked in my access logs, and this is what is always found when I get this type of exception: 66.249.66.19 - - [10/Aug/2009:14:24:06 -0400] "GET /gallery3_test/index.php/digibug/print_photo/57?csrf=681a2c5e27beda41adcf69416b8bdac1 HTTP/1.0" 200 1522 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" From what I figure, GoogleBot is following the Print link in the gallery and getting an error for whatever reason. I tested this link on the latest experimental version, and the problem is still happening (http://lutheranlakeside.com/gallery3_test/index.php/digibug/print_photo/57?csrf=681a2c5e27beda41adcf69416b8bdac1). --- So here's the error: @todo FORBIDDEN File: modules/gallery/helpers/access.php, line: 189 And here's how we got there: * modules/gallery/helpers/access.php [390]: access_Core::forbidden( ) * modules/digibug/controllers/digibug.php [22]: access_Core::verify_csrf( ) * Digibug_Controller->print_photo( 57 ) * system/core/Kohana.php [291]: ReflectionMethod->invokeArgs( Digibug_Controller Object ( [uri] => URI Object ( ) [input] => Input Object ( [use_xss_clean:protected] => 1 [magic_quotes_gpc:protected] => 1 [ip_address] => ) ) , Array ( [0] => 57 ) ) * Kohana::instance( ) * system/core/Event.php [209]: call_user_func( Array ( [0] => Kohana [1] => instance ) ) * system/core/Bootstrap.php [55]: Event::run( system.execute ) * index.php [86]: require( system/core/Bootstrap.php ) --- What is causing the error is straightforward. The csrf is unique for each session, and it's not validating properly. Your regular user won't run into this error. However, my error logs shouldn't be filling up with an error like this because it shouldn't happen that often (averaging 200 of these errors a day). Possible correction could be a robots.txt (simple, blocks GoogleBot and other spiders). I'm not sure what else would correct this, as I'm not that familiar with the architecture, but I'm betting a robots.txt is not the best solution.
	XUser login Username: * Password: * Create new account Request new password
floridave Joined: 2003-12-22 Posts: 25945	Posted: Tue, 2009-08-11 20:37
	please file a bug for this issue. https://sourceforge.net/apps/trac/gallery/newticket Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

bharat Joined: 2002-05-21 Posts: 7985	Posted: Thu, 2009-08-13 18:50
	Wacky! Thanks for filing the ticket, we'll have to figure out a way to prevent this from happening. --- Problems? Check gallery3/var/logs bugs/feature req's \| upgrade to the latest code \| use git \| help! vote!

Digibug Module Uncaught Exception

XUser login