Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Bug(s) in /scripts/restorepkg

Discussion in 'General Discussion' started by marty_parish, Jan 12, 2008.

  1. marty_parish

    marty_parish Registered

    Joined:
    Jan 12, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Hello,

    I am trying to restore a cpmove file and I keep getting this error:

    /scripts/restorepkg usage: /scripts/restorepkg [--skipresellerprivs] [--force] user

    Security Note: It is recommended that you do not restore a package from an untrusted source.
    If you choose to ignore this warning, you should use --skipresellerprivs to minimize the risk.


    So, I'm thinking wtf! I have restored hundreds of them without this happening. I couldn't find any solution so my last grasp was to look at the script and try to see what is triggering this error.

    When I looked at the script I was pretty shoced to see such bad coding.

    if (grep(/force/i,@ARGV)) {
    $force = 1;
    }

    if (grep(/skipres/i,@ARGV)) {
    $skipres = 1;
    }


    Are you kidding? In the first if, it checks @ARGV for "force". What's wrong with this?
    1) If the word "force" is in my cpanel username the script goes into force mode when I did not tell it to!
    2) Should not be case insensitive!
    3) It should be checking for "--force"

    All of the above apply to the second if as well and what is up with checking only for the "skipres", when the switch is "--skipresellerprivs".

    Now, let's look at this block where I found my problem:

    if (!$user || $user eq '' || !@ARGV || grep(/help/, @ARGV)) {
    print "User: $user\nARGV @ARGV\n";
    print qq{$0 usage: $0 [--skipresellerprivs] [--force] user\n};
    print qq{\n};
    print qq{Security Note: It is recommended that you do not restore a package from an untrusted source.\n};
    print qq{If you choose to ignore this warning, you should use --skipresellerprivs to minimize the risk.\n};
    exit(0);
    }


    Why on earth is it grepping for "help" and then dying? My username was "esshelpd" and I could not proceed because of this. I have modified my copy and now have no problems.

    Here is what I did:
    grep(/--force/,@ARGV)
    grep(/--skipresellerprivs/,@ARGV)
    grep(/--help/, @ARGV)

    I'm surprised that I couldn't find this issue anywhere on the net. I mean any username with "help" is going to fail.

    Regards,

    Marty
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,781
    Likes Received:
    123
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Good catch.

    I created a bugzilla report for this (hope you don't mind, it still your bug since you were the one that discovered it). You can read the bug report at:

    http://bugzilla.cpanel.net/show_bug.cgi?id=6265

    You may want to consider creating a bugzilla account and if you find a bug, post information about the bug in the forums, but also create a bugzilla report and link to it in your forum thread so that it will get attention.
     
  3. marty_parish

    marty_parish Registered

    Joined:
    Jan 12, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Thanks for filing the report! I was just thinking that I should have done that instead of posting it here.

    Marty
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice