FOGProject / fogproject

An open source computer cloning & management system
https://fogproject.org
GNU General Public License v3.0
1.14k stars 222 forks source link

[working-1.6] Values on full registration need stripping and some even decoding #424

Closed Sebastian-Roth closed 4 months ago

Sebastian-Roth commented 3 years ago

When you register a client through the PXE menu it's hostname will have a trailing new line (\n) in the database and the image is not set although being specified on full registration - because it's not being decoded (base64) and not stripped.

In FOG 1.5.x we use a general function to take care of the base64 decoding and trimming/stripping newlines/spaces: https://github.com/FOGProject/fogproject/blob/dev-branch/packages/web/lib/reg-task/registration.class.php#L142

This needs to be added to working-1.6 as well. It's probably not just hostname and imageID that needs attention.

mastacontrola commented 3 years ago

This is already done. Though it's happening explicitly:

https://github.com/FOGProject/fogproject/blob/working-1.6/packages/web/lib/reg-task/registration.class.php#L150 From what I can tell, the imageid is not being decoded.

Maybe I've been out of this for a while, but what do you mean "When you register a client through the PXE menu"? I don't recall ever having a method of registering from PXE.

Sebastian-Roth commented 3 years ago

@mastacontrola What I mean is the registration from the FOG iPXE menu if a host boots up and is not registered yet. See the following picture. When selecting the full registration you are asked to enter things like hostname, image ID to be assigned to the new host and so on.

VirtualBox_test2_07_08_2021_21_10_15

As I said in the initial post the hostname ends up being stored in the database including the trailing new line \n because the PHP code does not strip the input. Even worse with image ID as FOS sends it base64 encoded but the FOG 1.6.x code does not decode it.

mastacontrola commented 3 years ago

I don't have anything to test against but I have added the stripAndDecode back onto the $_POST variables. It should work, but without testing I don't feel comfortable just saying it does. If you'd be willing to test or know who could test the latest working-1.6

kenshirouhl commented 2 years ago

Hi, is there any update on this issue? We have been using the 1.6 version for a over a year now and this is the only part which is holding it back.

mastacontrola commented 4 months ago

Pretty sure this is addressed in code updated over the last year or 2. We have a few developers testing and as far as I can tell things are good, if anyone's keen to test it would really help.

Thank you!

kenshirouhl commented 4 months ago

Hi Tom, it was fixed about a year ago and was very welcome, thanks alot. With the registration the issue we have now is when we assign the snapins that bit doesn't work, but saying that I haven't updated for a while and you have done a lot of fixes recently.

darksidemilk commented 4 months ago

@kenshirouhl snapins being assigned should be fixed as of today. There was an issue where the snapins assignment was assigning given groupids instead of snapins id's. So you may also have snapins associations to group id's on that db.

mastacontrola commented 4 months ago

I'm going to close this issue.