Open grichardomi opened 4 years ago
RussH
commented
4 years ago so I don't use the careers page, however;
https://demo.opencats.org/careers/
should reproduce what you want. If you haven't registered, you just browse the job listings, and then when you try to apply for one, you're prompted to register.
grichardomi
commented
4 years ago Thanks for responding.
I still get the message after registering (admin@example.com | test4 | 84770) . And it is not allowing me to update my profile.
shantadam
commented
4 years ago Hi grichardomi,
Forgive me for going with your username, but I have no reference to your first name.
As for the issue, may I ask what is your role while accessing OpenCATS? Were you given access to a link? Are you a user? a candidate? An admin? If not an admin, do you have an admin? Are you trying to install? Is it an existing system?
We need some more in-depth knowledge of the context on who is accessing and how. Simply mentioning browser as Firefox, won’t help.
Regards, Shant Adam,
On Feb 28, 2020, at 12:09 PM, grichardomi notifications@github.com wrote:
Using Firefox,
Login an existing candidate from the Career Page, I'm getting this message "You have not registered yet. Please wait while we direct you to the job list"
Can anyone help with the cause of this message or how to register a candidate?
Thank you!
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/opencats/OpenCATS/issues/466?email_source=notifications&email_token=AA53AVP6QX24B6VMCMVT4U3RFFAL7A5CNFSM4K5UQ662YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IRFP2WQ, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA53AVJARLZNA6SVKWJLE3LRFFAL7ANCNFSM4K5UQ66Q.
grichardomi
commented
4 years ago what is your role while accessing OpenCATS? Candidate
Were you given access to a link? https://demo.opencats.org/careers/ admin2@example.com | lastname: test5 | zipcode: 84770
Are you a user? Candidate
If not an admin, do you have an admin? Candidates should not have to have admin access in order to update their profile
Are you trying to install? I experience same behavior on demo site and on an newly installed server.
shantadam
commented
4 years ago I only have good news for you from my end. All my tests, through your provided link along with the candidate credentials passed successfully by logging in.
At this point, I have two favours to ask you:
Regards, Shant Adam
On Feb 29, 2020, at 5:03 PM, grichardomi notifications@github.com wrote:
what is your role while accessing OpenCATS? Candidate
Were you given access to a link? https://demo.opencats.org/careers/ admin2@example.commailto:admin2@example.com | lastname: test5 | zipcode: 84770
Are you a user? Candidate
If not an admin, do you have an admin? Candidates should not have to have admin access in order to update their profile
Are you trying to install? I experience same behavior on demo site and on an newly installed server.
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/opencats/OpenCATS/issues/466?email_source=notifications&email_token=AA53AVOF5QG76NRIRNWFQKDRFGCZPA5CNFSM4K5UQ662YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENMHFGQ#issuecomment-592999066, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA53AVPPHNNPESVQUDN4O53RFGCZPANCNFSM4K5UQ66Q.
grichardomi
commented
4 years ago No change with Browser cache cleared on Firefox.
As a candidate applying for job, I should be able to revise profile as needed. When trying to update, message is displayed: "You have not registered yet. Please wait while we direct you to the job list..."
shantadam
commented
4 years ago The fact is you just helped narrow the scenario down to a specific issue. Which is now much more clear.
At first your email read as if you were unable to access and upon login attempt you were getting the warning measage. However, it is now clear that the issue is beyong login access and it lies within the “candidate personal profile updating” action. The latter issue will have to be investigated, resolved and in terms of release I’ll relay the call to @RussH.
In the meantime, are you in a position to help chip-in with a patch on this issue? Let us know.
Regards, Shant Adam
On Mar 1, 2020, at 9:42 AM, grichardomi notifications@github.com wrote:
No change with Browser cache cleared on Firefox.
As a candidate applying for job, I should be able to revise profile as needed. When trying to update, message is displayed: "You have not registered yet. Please wait while we direct you to the job list..."
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/opencats/OpenCATS/issues/466?email_source=notifications&email_token=AA53AVK2ANMYJU3FWH5MX6LRFJX6PA5CNFSM4K5UQ662YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENNA7KY#issuecomment-593104811, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA53AVNQW33TDDYT4DZ5RWTRFJX6PANCNFSM4K5UQ66Q.
grichardomi
commented
4 years ago I looking to enlist PHP consultants for a fix. So far, no positive feedback. Will keep any outcome here.
grichardomi
commented
4 years ago Will post any outcome here.
grichardomi
commented
4 years ago Had a consultant working on this. Here is the fix:
1) modules\careers\CareersUI.php
2) Edit the line 1748 (This will change the preg pattern) to the below
3) /"([^\"]+)"="([^\"]*)"/
Correct condition is below if (preg_match_all('/"([^\"]+)"="([^\"]*)"/', $_COOKIE[$id], $matches) > 0)
shantadam
commented
4 years ago Grichardomi,
It seems that you do have a team that backs you up.
Are you in a position to ask them to help contribute the changes to OpenCATS repo? If so, ask them to follow the following high level quick instructions, as such:
Regards, Shant Adam
From: grichardomi notifications@github.com Sent: March 2, 2020 4:30 PM To: opencats/OpenCATS OpenCATS@noreply.github.com Cc: Shant Adam shant.adam@mxcgi.com; Comment comment@noreply.github.com Subject: Re: [opencats/OpenCATS] Candidate Not Registered (#466)
Had a consultant working on this. Here is the fix:
Correct condition is below if (preg_match_all('/"([^"]+)"="([^"]*)"/', $_COOKIE[$id], $matches) > 0)
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/opencats/OpenCATS/issues/466?email_source=notifications&email_token=AA53AVMKDWRXQDAHNV4ENJTRFQQO5A5CNFSM4K5UQ662YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENRB3SA#issuecomment-593632712, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA53AVMZSSIJWQEYIJBY7QLRFQQO5ANCNFSM4K5UQ66Q.
grichardomi
commented
4 years ago No, I'm a very small fish.
I hired a PHP consultant specifically for this fix.
shantadam
commented
4 years ago Fair enough, grichardomi. We’ll see to incorporate the fix. Until the next release, thank you for your contribution. Feel free to reach us anytime you have questions around OpenCATS. Thank you.
Regards, Shant Adam
From: grichardomi notifications@github.com Sent: March 2, 2020 5:50 PM To: opencats/OpenCATS OpenCATS@noreply.github.com Cc: Shant Adam shant.adam@mxcgi.com; Comment comment@noreply.github.com Subject: Re: [opencats/OpenCATS] Candidate Not Registered (#466)
No, I'm a very small fish.
I hired a PHP consultant specifically for this fix.
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/opencats/OpenCATS/issues/466?email_source=notifications&email_token=AA53AVO7WTSSTBKIQPSAGN3RFQZ3BA5CNFSM4K5UQ662YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENRJRZA#issuecomment-593664228, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA53AVLYR6FSGVXR6SLMG7TRFQZ3BANCNFSM4K5UQ66Q.
hansmach1ne
commented
2 years ago While assessing application's security I stumbled upon the careers endpoint. It appears to me that application gives cookie after login on the /careers/index.php endpoint. The cookie format is the following (after URL decoding it): cats1cw="email"="mach1ne@XXX.org""lastName"="mach1ne""zip"="10000",
Regex that is incorrectly validating the cookie is here: https://github.com/opencats/OpenCATS/blob/master/modules/careers/CareersUI.php#L262.
Said regex will match the cookie only when in this format: \"email\"=\"mach1ne%40mach1ne.org\"\"lastName\"=\"mach1ne\"\"zip\"=\"10000\".
Bottom line is regex inside getCookieField function need to be modified (for the careers module at least), to /"([^"]+)"="([^"]*)"/ as grichardomi provided will fix the issue.
RussH
commented
2 years ago @hansmach1ne @grichardomi thank you for the commit - I'll test this in a local instance (& then assuming it's good I'll accept it)
Using Firefox,
Login an existing candidate from the Career Page, I'm getting this message "You have not registered yet. Please wait while we direct you to the job list"
Can anyone help with the cause of this message or how to register a candidate?
Thank you!