View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Some users are unable to download attachments - ProjeQtOr
 
 

Some users are unable to download attachments

More
18 Sep 2023 14:30 - 18 Sep 2023 14:44 #1 by ddal
Some users are unable to download attachments was created by ddal
some users are unable to download attachments, even when for some people with apparently the same settings it is working. This is happening across multiple projeqtor versions for quite some time. The attachments are added as public. Any idea what could be the problem? The error log is:

2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5] HACK ================================================================
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5] Try to hack detected
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  Source Code = checkValidAccessForUser() Reject for Ticket #653 - no 'read' right to this item
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  QUERY_STRING = class=Attachment&id=1000&csrfToken=
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  REMOTE_ADDR = redacted
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  SCRIPT_FILENAME = /var/www/html/tool/download.php
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  CONNECTED USER = #21 - redacted
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  === Trace Stack for last error ===
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  => /var/www/html/tool/projeqtor.php at line 1692 calling debugPrintTraceStack()
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  => /var/www/html/model/Security.php at line 377 calling traceHack()
2023-09-18 09:30:52.324 ***** ERROR ***** [V10.3.5]  => /var/www/html/tool/download.php at line 65 calling Security:checkValidAccessForUser()
2023-09-18 09:30:52.325 ***** ERROR ***** [V10.3.5]  ===
Last edit: 18 Sep 2023 14:44 by ddal.

Please Log in or Create an account to join the conversation.

More
18 Sep 2023 15:57 #2 by Damian.sd
Replied by Damian.sd on topic Some users are unable to download attachments
Hello,
we can't reproduce exactly the same issue but we found some issues with attachment in v10.3.5 and fixed it on v10.4.

Try to upgrade your version to v10.4.5 and see if that fixed your issue.

Please Log in or Create an account to join the conversation.

More
21 Sep 2023 13:23 #3 by ddal
Replied by ddal on topic Some users are unable to download attachments
same error on 10.4.5. Is there another log or setting I can check?

2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5] HACK ================================================================
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5] Try to hack detected
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  Source Code = checkValidAccessForUser() Reject for Ticket #653 - no 'read' right to this item
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  QUERY_STRING = class=Attachment&id=999&csrfToken=
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  REMOTE_ADDR = redacted
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  SCRIPT_FILENAME = /var/www/html/tool/download.php
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  CONNECTED USER = #21 - redacted
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  === Trace Stack for last error ===
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  => /var/www/html/tool/projeqtor.php at line 1700 calling debugPrintTraceStack()
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  => /var/www/html/model/Security.php at line 377 calling traceHack()
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  => /var/www/html/tool/download.php at line 65 calling Security:checkValidAccessForUser()
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  ===
2023-09-21 13:00:59.871 ***** ERROR ***** [V10.4.5]  REQUEST_URI = /tool/download.php?class=Attachment&id=999&csrfToken=
 

Please Log in or Create an account to join the conversation.

More
21 Sep 2023 15:44 #4 by ddal
Replied by ddal on topic Some users are unable to download attachments
Nevermind. We seem to have figured it out. The profile only had access to TicketMenuSimple and TicketMenu was "noaccess". But the download for the attachment, even when clicked from TicketMenuSimple, asks the permission function for TicketMenu and not TicketMenuSimple. So after changing the accessright table it seems to be working.

Please Log in or Create an account to join the conversation.

More
25 Sep 2023 09:55 #5 by babynus
Replied by babynus on topic Some users are unable to download attachments
Issue recorded as Ticket #7466
Will be fixed on V11.0.1
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.035 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form