? ? ? Success
Related to # 6021

User tests: Successful: Unsuccessful:

avatar phproberto
phproberto
5 Jun 2015

This is a rebased version of #6021 See description there

I have added suggestions by @roland-d and small code style fixes.


#6021
Implementing a possibility to download system/environment information for support purposes.
The output is a text file which is probably not the best solution. Hope for some input.
It adds a button in "administrator/index.php?option=com_admin&view=sysinfo" which allows to create a text file with all relevant settings.
All sensitive informations should have been removed.

avatar phproberto phproberto - open - 5 Jun 2015
avatar dgt41
dgt41 - comment - 5 Jun 2015

@phproberto I get both on json and txt the following error code in the beginning of the files:

<br />
<font size='1'><table class='xdebug-error xe-notice' dir='ltr' border='1' cellspacing='0' cellpadding='1'>
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line <i>424</i></th></tr>
<tr><th align='left' bgcolor='#e9b96e' colspan='5'>Call Stack</th></tr>
<tr><th align='center' bgcolor='#eeeeec'>#</th><th align='left' bgcolor='#eeeeec'>Time</th><th align='left' bgcolor='#eeeeec'>Memory</th><th align='left' bgcolor='#eeeeec'>Function</th><th align='left' bgcolor='#eeeeec'>Location</th></tr>
<tr><td bgcolor='#eeeeec' align='center'>1</td><td bgcolor='#eeeeec' align='center'>0.0008</td><td bgcolor='#eeeeec' align='right'>249968</td><td bgcolor='#eeeeec'>{main}(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/index.php' bgcolor='#eeeeec'>../index.php<b>:</b>0</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>2</td><td bgcolor='#eeeeec' align='center'>0.0791</td><td bgcolor='#eeeeec' align='right'>3301872</td><td bgcolor='#eeeeec'>JApplicationCms->execute(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/index.php' bgcolor='#eeeeec'>../index.php<b>:</b>47</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>3</td><td bgcolor='#eeeeec' align='center'>0.0791</td><td bgcolor='#eeeeec' align='right'>3302176</td><td bgcolor='#eeeeec'>JApplicationAdministrator->doExecute(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/cms/application/cms.php' bgcolor='#eeeeec'>../cms.php<b>:</b>252</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>4</td><td bgcolor='#eeeeec' align='center'>0.1283</td><td bgcolor='#eeeeec' align='right'>5060400</td><td bgcolor='#eeeeec'>JApplicationAdministrator->dispatch(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/cms/application/administrator.php' bgcolor='#eeeeec'>../administrator.php<b>:</b>152</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>5</td><td bgcolor='#eeeeec' align='center'>0.1316</td><td bgcolor='#eeeeec' align='right'>5185216</td><td bgcolor='#eeeeec'>JComponentHelper::renderComponent(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/cms/application/administrator.php' bgcolor='#eeeeec'>../administrator.php<b>:</b>98</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>6</td><td bgcolor='#eeeeec' align='center'>0.1379</td><td bgcolor='#eeeeec' align='right'>5280664</td><td bgcolor='#eeeeec'>JComponentHelper::executeComponent(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/cms/component/helper.php' bgcolor='#eeeeec'>../helper.php<b>:</b>372</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>7</td><td bgcolor='#eeeeec' align='center'>0.1383</td><td bgcolor='#eeeeec' align='right'>5301608</td><td bgcolor='#eeeeec'>require_once( <font color='#00bb00'>'/Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/admin.php'</font> )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/cms/component/helper.php' bgcolor='#eeeeec'>../helper.php<b>:</b>392</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>8</td><td bgcolor='#eeeeec' align='center'>0.1564</td><td bgcolor='#eeeeec' align='right'>6111072</td><td bgcolor='#eeeeec'>JControllerLegacy->execute(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/admin.php' bgcolor='#eeeeec'>../admin.php<b>:</b>16</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>9</td><td bgcolor='#eeeeec' align='center'>0.1564</td><td bgcolor='#eeeeec' align='right'>6111552</td><td bgcolor='#eeeeec'>JControllerLegacy->display(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/legacy/controller/legacy.php' bgcolor='#eeeeec'>../legacy.php<b>:</b>728</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>10</td><td bgcolor='#eeeeec' align='center'>0.1706</td><td bgcolor='#eeeeec' align='right'>6706704</td><td bgcolor='#eeeeec'>AdminViewSysinfo->display(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/libraries/legacy/controller/legacy.php' bgcolor='#eeeeec'>../legacy.php<b>:</b>690</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>11</td><td bgcolor='#eeeeec' align='center'>0.1707</td><td bgcolor='#eeeeec' align='right'>6707248</td><td bgcolor='#eeeeec'>AdminViewSysinfo->getLayoutData(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/views/sysinfo/view.text.php' bgcolor='#eeeeec'>../view.text.php<b>:</b>40</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>12</td><td bgcolor='#eeeeec' align='center'>0.2160</td><td bgcolor='#eeeeec' align='right'>7192304</td><td bgcolor='#eeeeec'>AdminModelSysInfo->getSafeData(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/views/sysinfo/view.text.php' bgcolor='#eeeeec'>../view.text.php<b>:</b>80</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>13</td><td bgcolor='#eeeeec' align='center'>0.2160</td><td bgcolor='#eeeeec' align='right'>7192784</td><td bgcolor='#eeeeec'>AdminModelSysInfo->getExtensions(  )</td><td title='/Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php' bgcolor='#eeeeec'>../sysinfo.php<b>:</b>318</td></tr>
</table></font>

or simplified:

Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 424
Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 425
Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 426
Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 427
Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 428
Notice: Trying to get property of non-object in /Users/dimitris/Documents/github_projects/joomla1/administrator/components/com_admin/models/sysinfo.php on line 429

avatar dgt41
dgt41 - comment - 6 Jun 2015

@phproberto take a look at phproberto#1

avatar joomla-cms-bot joomla-cms-bot - change - 6 Jun 2015
Labels Added: ? ?
avatar joomla-cms-bot joomla-cms-bot - change - 6 Jun 2015
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - change - 6 Jun 2015
Labels Added: ?
avatar phproberto
phproberto - comment - 6 Jun 2015

@dgt41 I have a applied a different fix in c50f6ef after realising that some extensions manifest may not be cached in the database.

The best example I found was plg_weblinks on my own website

avatar phproberto phproberto - close - 6 Jun 2015
avatar phproberto phproberto - change - 6 Jun 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-06-06 10:21:16
Closed_By phproberto
avatar phproberto phproberto - close - 6 Jun 2015
avatar wilsonge wilsonge - change - 6 Jun 2015
Status Closed New
Closed_Date 2015-06-06 10:21:16
Closed_By phproberto
avatar wilsonge wilsonge - reopen - 6 Jun 2015
avatar wilsonge wilsonge - reopen - 6 Jun 2015
avatar dgt41
dgt41 - comment - 6 Jun 2015
avatar zero-24 zero-24 - change - 6 Jun 2015
The description was changed
Status New Pending
Rel_Number 0 6021
Relation Type Related to
Easy No Yes
avatar zero-24 zero-24 - change - 6 Jun 2015
Category Administration Components
avatar zero-24 zero-24 - change - 6 Jun 2015
Labels Added: ?
avatar zero-24 zero-24 - change - 6 Jun 2015
Labels Added: ?
avatar zero-24 zero-24 - change - 6 Jun 2015
Milestone Added:
avatar zero-24 zero-24 - change - 6 Jun 2015
The description was changed
avatar roland-d
roland-d - comment - 9 Jun 2015

@phproberto Should we be outputting the host paths in the PATH, SystemRoot, COMSPEC, WINDIR, error_log, extension_dir, include_path, upload_tmp_dir, and session.save_path variables?

avatar phproberto
phproberto - comment - 10 Jun 2015

@phproberto Should we be outputting the host paths in the PATH, SystemRoot, COMSPEC, WINDIR, error_log, extension_dir, include_path, upload_tmp_dir, and session.save_path variables?

@roland-d in my opinion anything that gets private info that may involve security issues should be skipped. I don't see issues with paths relative to system libs. Maybe Phil Taylor (I forgot his github username) can help us here. I'll ping him to see if he can check it.

  • PATH. Already disabled
  • SystemRoot. I need more info. Windows thing?
  • WINDIR. I need more info. Windows thing?
  • error_log. Already disabled
  • extension_dir. Not dangerous IMO
  • include_path. Not dangeour IMO
  • upload_tmp_dir. Already disabled
  • session.save_path. Already disabled
avatar PhilETaylor
PhilETaylor - comment - 10 Jun 2015

@PhilETaylor :-)

The %SystemRoot% variable is a special system-wide environment variable found on Windows NT and its derivatives. Its value is the location of the system directory, including the drive and path. E.g c:\windows\system32

The %WINDIR% is where windows is installed, E.g c:\windows

All of the information in your post is available to hackers with a single line of code anyway - so as long as the exporting of this information is restricted to Super Admins, authenticated and logged in, then its no more of a security risk while displaying the data on the site.

Those that argue otherwise, would probably be the people still recommending moving configuration.php outside the public_html folder - doh!

What is done with the information AFTER it is extracted is another matter - when its posted in open forum etc... thats when this becomes a "security" issue.

Knowing these paths for support purposes is not normally needed, what is more important is a check that the path actually exists, and is writable most of the time. One doesn't care where they are configured to point at, one cares if they are useable.

extension_dir should probably never be writable as this is a system folder and not a folder PHP should have access to on a per site basis

Quite frankly if you are having issues with include_path, upload_tmp_dir, and session.save_path then you need a better webhost - these should be set on a hosting level and not messed around with on a per Joomla install level.

avatar wilsonge
wilsonge - comment - 10 Jun 2015

@PhilETaylor this is information to export. So I'd see the most likely use case as a user giving this info to extension dev's to replicate environments etc

avatar PhilETaylor
PhilETaylor - comment - 10 Jun 2015

Then the question is how much do you trust extension developers :-)

Exporting absolute paths will not help extension developers replicate environments...

avatar Radek-Suski
Radek-Suski - comment - 10 Jun 2015

I was trying to remove all security relevant data from the output. I agree with Phil. The issue is when someone will post these data in forum etc

avatar phproberto
phproberto - comment - 10 Jun 2015

I have removed the information that won't help in any way to replicate enviroments. I think is better that we are more restrictive and then wait for someone asking that some information would be useful.

I'd like that a Windows user confirms that there is no private information shared there.

avatar phproberto
phproberto - comment - 10 Jun 2015

BTW thanks @PhilETaylor for checking it!

avatar PhilETaylor
PhilETaylor - comment - 11 Jun 2015

No worries :-)

avatar brianteeman
brianteeman - comment - 18 Jun 2015

Tested and it works BUT

  1. Is there a reason that the order of each section in the download does not match the order of the tabs.

  2. I think it would be better if the name of each section matched the name of the tabs

  3. When hiding information in the download sometimes xxxxxx is used and sometimes set I think it is better to be consistent and use xxxxxx or was there a specific reason to do this differently that I missed


    This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7129.

avatar phproberto
phproberto - comment - 17 Jul 2015

Thanks for the feedback @brianteeman.

I have rebased the PR against latest staging and based in your comments:

  • Both text + json sections now follow the tabs order.
  • Text file sections now use same titles than the tabs + additional string for Extensons.
  • JSON still uses same keys instead of titles because using translatable titles here would make harder process the file with external tools.
  • For consistency I replaced set with xxxxxx. Old not set strings will just be empty. That way is easier to track all the information that has been set as private.
avatar infograf768
infograf768 - comment - 18 Jul 2015

Any reason not to translate the number of seconds used in the title of the file produced to a real date as this number looks like it is the time elapsed since the epoch time?

avatar infograf768
infograf768 - comment - 18 Jul 2015

Something like:


$today = date("Y-m-d_H-i-s");  // or $today = date("c");
[...]
header('Content-Disposition: attachment; filename="systeminfo-' . $today . '.txt"');
avatar roland-d
roland-d - comment - 17 Oct 2015

@phproberto Can you follow up on @infograf768 question? Thanks.

avatar phproberto
phproberto - comment - 3 Nov 2015

PR updated and @infograf768 's suggestion to get a human readable date implemented.

Thanks!

avatar zero-24 zero-24 - test_item - 3 Nov 2015 - Tested successfully
avatar zero-24
zero-24 - comment - 3 Nov 2015

I have tested this item :white_check_mark: successfully on c823c3e

Works great. Filename is now something like: systeminfo-2015-11-03T09-43-44+01-00.json and systeminfo-2015-11-03T09-43-30+01-00.txt


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7129.

avatar peterpeter peterpeter - test_item - 3 Nov 2015 - Tested successfully
avatar peterpeter peterpeter - test_item - 3 Nov 2015 - Tested successfully
avatar peterpeter
peterpeter - comment - 3 Nov 2015

I have tested this item :white_check_mark: successfully on c823c3e

Obviously the security issues are clarified. Technically it works perfekt.

As those informations are for supporters, some toughts of me as a forum moderator/supporter:

Due to extensions, important infos for supporting are (beside others of course):

  • what 3rd party extensions are installed (id > 700, #__extensions)
  • wich plugins are published and their (fire-)ordering
  • wich templates are involved/having page assignments

Core Components whow are maintained by the core are mostly irrelevant for support. And Modules too, as they 'living' all in their own 'universe', not interfere/manipulate with other extension parts. Templates who are not involved are irrelevant.

But I think that's all stuff for another rainy day :smile:

But for the first implementation I would advise to add the publish state at least for plugins and modules, and ordering of the plugins groupwise + ordering ASC

Just my 20 cents. But anyway, it's a helpful feature for the future. Thanks for the work.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7129.

avatar zero-24 zero-24 - change - 3 Nov 2015
Status Pending Ready to Commit
Labels
avatar zero-24
zero-24 - comment - 3 Nov 2015

Thanks lets RTC here and you can send you improvments with another PR or open a new issue for it ok? Thanks.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7129.

avatar joomla-cms-bot joomla-cms-bot - change - 3 Nov 2015
Labels Added: ?
avatar peterpeter
peterpeter - comment - 3 Nov 2015

Sure, that's what I mean with
"But I think that's all stuff for another rainy day :smile:"

avatar roland-d roland-d - change - 3 Nov 2015
Status Ready to Commit Closed
Closed_Date 0000-00-00 00:00:00 2015-11-03 20:43:55
Closed_By roland-d
avatar roland-d roland-d - close - 3 Nov 2015
avatar wilsonge wilsonge - change - 17 Jan 2016
Labels Removed: ?

Add a Comment

Login with GitHub to post a comment