1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Webmail Calendar Showing cross-site information?

Discussion in 'Plesk for Linux - 8.x and Older' started by Traged1, Dec 13, 2006.

  1. Traged1

    Traged1 Guest

    0
     
    We have reports that after the upgrade to 8.10 the webmail calender program has begun shoing events and days for one domain on the other domain's calender. this is not good. Cross site information should be containted and is a security issue.
     
  2. Traged1

    Traged1 Guest

    0
     
    No body?? I reported this to PLESK support and they have not been able to find out why this is occurring, no doubt it was a mess up from the last upgrade. :mad:
     
  3. Traged1

    Traged1 Guest

    0
     
    I guess I should track down the calender rpm if possible and re-install it. Not sure if the calender has it's own rpm or not?
     
  4. Traged1

    Traged1 Guest

    0
     
    OK it's psa-kronolith-2.1.3-rhel3.build81061129.22.noarch.rpm I will re-install it and report the results?
     
  5. Traged1

    Traged1 Guest

    0
     
    Ok the re-install did not work. It appears that the rpm is not removing the following mysql tables:

    /var/lib/mysql/horde/kronolith_events.MYD
    /var/lib/mysql/horde/kronolith_events.MYI
    /var/lib/mysql/horde/kronolith_storage.MYI
    /var/lib/mysql/horde/kronolith_storage.MYD
    /var/lib/mysql/horde/kronolith_storage.frm
    /var/lib/mysql/horde/kronolith_events.frm

    So when I re-install the rpm the same entries are in all the domains calender.

    I will try to remove these entries via Mysql console and see if that will work?
     
  6. Traged1

    Traged1 Guest

    0
     
    rpm -e psa-kronolith

    mysql -uadmin -p`cat /etc/psa/.psa.shadow`;
    mysql> use horde;
    Database changed
    mysql> show tables;
    +---------------------------+
    | Tables_in_horde |
    +---------------------------+
    | horde_datatree |
    | horde_datatree_attributes |
    | horde_datatree_seq |
    | horde_histories |
    | horde_histories_seq |
    | horde_prefs |
    | horde_sessionhandler |
    | horde_tokens |
    | horde_users |
    | horde_vfs |
    | kronolith_events |
    | kronolith_storage |
    | mnemo_memos |
    | turba_objects |
    +---------------------------+
    14 rows in set (0.00 sec)

    mysql> drop table kronolith_events;
    Query OK, 0 rows affected (0.01 sec)

    mysql> drop table kronolith_storage;
    Query OK, 0 rows affected (0.00 sec)

    rpm -Uvh /root/psa/PSA_8.1.0/dist-rpm-RedHat-el3-i386/opt/horde/psa-kronolith-2.1.3-rhel3.build81061129.22.noarch.rpm

    Doing the above commands will solve the problem. Sw-Soft please write a fix in the installer to check for this upgrade bug.
     
  7. Traged1

    Traged1 Guest

    0
     
    This also happened for turba, so repeat the step above but look for the mysql database table turba_objects, drop it then re-install the psa-turba rpm.
     
Loading...