kellerben/dudle

Error when creating new Poll

h3ll3 opened this issue · 2 comments

h3ll3 commented

Hello Everybody,

i'm not sure if there's anyone out there who still looks into this section but at least i wanted to try finding somebody to help me.

Of course i've read the several posts here that were dealing with the same problem but all of them got closed with e.g. "i made everything new, now it works but i dont know why" ....so, i also made everything new but i am still unable to create new polls.

My Problem is: Dudle frontpage is working, check.cgi doesn't show any errors but every time i try to create a new poll i'm running into the same error:

"Error
An error occurred while executing DuD-Poll.
Please send an error report, including your browser, operating system, and what you did to [webmaster@10.xx.xx.xx](mailto:webmaster@yourserver.de)"

Dudle-Log shows:
[Wed Aug 09 14:23:04.492127 2023] [cgid:error] [pid 9683:tid 140036099913408] [client 10.242.2.4:61371] End of script output before headers: edit_columns.cgi, referer: http://10.xx.xx.xx/

I have installed the following tools on my Debian machine:

git (2.39.2)
ruby (ruby 3.1.2p20)
ruby-gettext
gettext
potool
ruby-dev 
libxml2-dev 
zlib1g-dev
ratom
passenger
libapache2-mod-passenger
Apache2 Webserver (2.4.57)

My Apache dudle.conf:

<VirtualHost *:80>
        DocumentRoot /var/www/dudle
        ErrorLog /var/log/dudle.error.log
        TransferLog /var/log/dudle.access.log
</VirtualHost>
<Directory /var/www/dudle/>
        Options +ExecCGI +FollowSymLinks +Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
        SetEnv GIT_AUTHOR_NAME "http user"
        SetEnv GIT_AUTHOR_EMAIL "foo@example.org"
        SetEnv GIT_COMMITTER_NAME "$GIT_AUTHOR_NAME"
        SetEnv GIT_COMMITTER_EMAIL "$GIT_AUTHOR_EMAIL"
</Directory>

The .htaccess file located in /var/www/dudle/ is the default one but i also tried adding "SetEnv GIT_..." params into it without success.

Output of cd /var/www/dudle/test8/

git log

commit b3fb4f673c912c81d9ebef2e01d0a57bcd4a754d (HEAD -> master)
Author: http user <foo@example.org>
Date:   Wed Aug 9 14:41:20 2023 +0200

    Poll test8 created

cat data.yaml

# This is a dudle poll file
--- !ruby/object:Poll
name: test8
head: !ruby/object:TimePollHead
  data: []
data: {}
comment: []

But i have to mention that i had to enter following command for not receiving any git errors

git config --global --add safe.directory '*'

Pls does anyone have an idea for my issue?

Thank you!

xtaran commented

Ran into that, too, on Debian Testing with Ruby 3.1.2 (Debian package ruby3.1 at version 3.1.2-7) and as CGI behind an Apache HTTPd. Full error message:

AH01215: /usr/lib/ruby/3.1.0/psych/class_loader.rb:99:in `find': Tried to load unspecified class: Poll (Psych::DisallowedClass): /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/class_loader.rb:28:in `load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:424:in `resolve_class': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:213:in `visit_Psych_Nodes_Mapping': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:318:in `visit_Psych_Nodes_Document': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:30:in `visit': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/visitor.rb:6:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych/visitors/to_ruby.rb:35:in `accept': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych.rb:335:in `safe_load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /usr/lib/ruby/3.1.0/psych.rb:370:in `load': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/dudle.rb:128:in `initialize': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi:34:in `new': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
AH01215: \tfrom /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi:34:in `<main>': /srv/dudle/dudle/6w4T4CqXVQ/edit_columns.cgi, referer: https://[…]/poll/
End of script output before headers: edit_columns.cgi, referer: https://[…]/poll/

Code is at 5893e39, i.e. current HEAD as of this writing. The only local changes were made to the .htaccess file for the subdirectory /poll/ used for the poll and changes from old Apache 2.2 access control syntax to modern 2.4 syntax.

libruby3.1 in Debian at the version mentioned above seems to provide ruby-psych at version 4.0.3. But there is also a dedicated ruby-psych package at version 5.0.2-1 available. But installing that on in addition brought no change.

xtaran commented

This seems to be the same issue as #145 and there is fix in there which helped for.

Will provide a patch via pull request later, but for now this shell snipped worked for me:

git grep -l YAML::load | xargs sed s/YAML::load/YAML::unsafe_load/ -i