Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure updates are always done with super user permission #18503

Merged
merged 4 commits into from Dec 16, 2021
Merged

Ensure updates are always done with super user permission #18503

merged 4 commits into from Dec 16, 2021

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Dec 14, 2021

Description:

Our process for performing updates is currently designed in a way that allows anyone (even without permission) to trigger the database updates (once the files were updated).
This can currently lead to errors or differing results depending on the current users permissions.
I saw this basically for this update script where I saw differing results:

matomo/core/Updates/4.6.0-b4.php

Lines 54 to 58 in 4fe950a

foreach ($segmentStrings as $segmentString) {
$segment = new Segment($segmentString, [$idSite]);
if ($segment->getOriginalString() === $segment->getString()) {
continue;
}

Initializing a segment using new Segment tries to perform an API request to API.getSegmentsMetadata in the background. Based on the current user this might return either the segments (user with view permission) or an error (user without permission). This causes the resulting list of generated queries to be different depending on the user.
In that case this might not be that problematic, but there could be cases where it could even break something.
Therefor it's imho required to perform the migration scripts as superuser always.

Review

@sgiehl sgiehl added Bug For errors / faults / flaws / inconsistencies etc. Needs Review PRs that need a code review labels Dec 14, 2021
@sgiehl sgiehl added this to the 4.7.0 milestone Dec 14, 2021
@sgiehl sgiehl requested a review from tsteur December 14, 2021 13:12
tsteur
tsteur requested changes Dec 14, 2021
View reviewed changes
Copy link
Member

@tsteur tsteur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sgiehl is it possible to only execute the needed methods as superuser? Eg

  • $this->doExecuteUpdates($viewDone, $updater, $componentsWithUpdateFile);
  • $componentsWithUpdateFile = $updater->getComponentUpdates();

Just to avoid potential security issues etc. Eg some fatal error and then suddenly it keeps super user or maybe some view would expose information a regular user shouldn't see or so?

@sgiehl
Copy link
Member Author

sgiehl commented Dec 15, 2021

@tsteur moved setting the super user permission to the parts in Updater class, where it's needed. Guess that makes more sense, than doing it in a controller

@sgiehl sgiehl requested a review from tsteur December 15, 2021 16:57
tsteur
tsteur reviewed Dec 15, 2021
View reviewed changes
core/Updater.php Outdated Show resolved Hide resolved
@sgiehl sgiehl requested a review from tsteur December 16, 2021 11:28
@sgiehl sgiehl merged commit 009353e into 4.x-dev Dec 16, 2021
@sgiehl sgiehl deleted the updateperm branch December 16, 2021 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur approved these changes

Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc. Needs Review PRs that need a code review
Projects
None yet
Milestone
4.7.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sgiehl @tsteur