The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bug(s) in /scripts/restorepkg

Discussion in 'General Discussion' started by marty_parish, Jan 12, 2008.

  1. marty_parish

    marty_parish Registered

    Joined:
    Jan 12, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I am trying to restore a cpmove file and I keep getting this error:

    /scripts/restorepkg usage: /scripts/restorepkg [--skipresellerprivs] [--force] user

    Security Note: It is recommended that you do not restore a package from an untrusted source.
    If you choose to ignore this warning, you should use --skipresellerprivs to minimize the risk.


    So, I'm thinking wtf! I have restored hundreds of them without this happening. I couldn't find any solution so my last grasp was to look at the script and try to see what is triggering this error.

    When I looked at the script I was pretty shoced to see such bad coding.

    if (grep(/force/i,@ARGV)) {
    $force = 1;
    }

    if (grep(/skipres/i,@ARGV)) {
    $skipres = 1;
    }


    Are you kidding? In the first if, it checks @ARGV for "force". What's wrong with this?
    1) If the word "force" is in my cpanel username the script goes into force mode when I did not tell it to!
    2) Should not be case insensitive!
    3) It should be checking for "--force"

    All of the above apply to the second if as well and what is up with checking only for the "skipres", when the switch is "--skipresellerprivs".

    Now, let's look at this block where I found my problem:

    if (!$user || $user eq '' || !@ARGV || grep(/help/, @ARGV)) {
    print "User: $user\nARGV @ARGV\n";
    print qq{$0 usage: $0 [--skipresellerprivs] [--force] user\n};
    print qq{\n};
    print qq{Security Note: It is recommended that you do not restore a package from an untrusted source.\n};
    print qq{If you choose to ignore this warning, you should use --skipresellerprivs to minimize the risk.\n};
    exit(0);
    }


    Why on earth is it grepping for "help" and then dying? My username was "esshelpd" and I could not proceed because of this. I have modified my copy and now have no problems.

    Here is what I did:
    grep(/--force/,@ARGV)
    grep(/--skipresellerprivs/,@ARGV)
    grep(/--help/, @ARGV)

    I'm surprised that I couldn't find this issue anywhere on the net. I mean any username with "help" is going to fail.

    Regards,

    Marty
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Good catch.

    I created a bugzilla report for this (hope you don't mind, it still your bug since you were the one that discovered it). You can read the bug report at:

    http://bugzilla.cpanel.net/show_bug.cgi?id=6265

    You may want to consider creating a bugzilla account and if you find a bug, post information about the bug in the forums, but also create a bugzilla report and link to it in your forum thread so that it will get attention.
     
  3. marty_parish

    marty_parish Registered

    Joined:
    Jan 12, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for filing the report! I was just thinking that I should have done that instead of posting it here.

    Marty
     
Loading...

Share This Page