Bug 39573 - Adjustment of /umcp/ to /univention-management-console/
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: General
UCS@school 4.1
Other Linux
: P5 normal (vote)
: UCS@school 4.1
Assigned To: Florian Best
Sönke Schwardt-Krummrich
Depends on: 38820 39476
Reported: 2015-10-16 12:54 CEST by Florian Best
Modified: 2016-01-11 11:15 CET
Bug group (optional): API change
Description Florian Best univentionstaff 2015-10-16 12:54:33 CEST
We have to adjust two paths: The screenshots of the computerroom and the download path of the printermoderation module.

In general it's good to replace all references of the old URI.

+++ This bug was initially created as a clone of Bug #38820 +++

The UMCSessionId Cookie is not restricted to /umcp/ and /univention-management-console/ which leads to the possibility of Cross-Site-Cooking attacks.

Of course also /owncloud/ or /~user/ will receive that cookie.

E.g. https://billy/~fbest/xss2.html will give me the session if you were logged in recently.
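
The cookie scoping issue quoted from Bug #38820 can be checked with the RFC 6265 path-match rule. The following is an added example, not code from UCS or from the bug report; the Set-Cookie strings and the session value are constructed, and the exact header the server sent is an assumption.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data; host and paths are the ones named in the report.
URLS = ["https://billy/umcp/", "https://billy/univention-management-console/",
        "https://billy/owncloud/", "https://billy/~fbest/xss2.html"]
BROAD = "UMCSessionId=constructed-value; Path=/"  # assumed unrestricted form
SCOPED = "UMCSessionId=constructed-value; Path=/univention-management-console/"


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: is request_path covered by cookie_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a "/" boundary: "/umcp" does not cover "/umcpX".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def default_path(setting_path):
    """RFC 6265 default-path, applied when Set-Cookie has no usable Path."""
    if not setting_path.startswith("/") or setting_path.count("/") == 1:
        return "/"
    return setting_path.rsplit("/", 1)[0]


def urls_receiving(set_cookie, set_by_url, candidate_urls):
    """Return (cookie name, effective path, URLs whose requests carry the cookie)."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    name, morsel = next(iter(jar.items()))
    path = morsel["path"]
    if not path.startswith("/"):
        path = default_path(urlsplit(set_by_url).path)
    hits = [u for u in candidate_urls if path_match(urlsplit(u).path or "/", path)]
    return name, path, hits


if __name__ == "__main__":
    for header in (BROAD, SCOPED):
        name, path, hits = urls_receiving(header, URLS[1], URLS)
        print(f"{name} Path={path} is sent to:")
        for url in hits:
            print("   ", url)
```

Path only limits which requests carry the cookie; RFC 6265 section 4.1.2.4 states that it cannot be relied upon for security between paths on the same host.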
Comment 1 Florian Best univentionstaff 2015-10-16 12:59:55 CEST
ucs-school-umc-printermoderation (12.0.1-1):
r64543 | Bug #39573: Adjust /umcp/ to /univention-management-console/
QA: download a file in printermoderation (or let ucs-test-ucsschool run in jenkins)

ucs-test-ucsschool (3.0.1-1):
r64543 | Bug #39573: Adjust /umcp/ to /univention-management-console/
QA: just let all tests run in jenkins

ucs-school-umc-computerroom (7.0.1-1):
r64543 | Bug #39573: Adjust /umcp/ to /univention-management-console/
QA: is a screenshot visible in computerroom module

ucs-school-umc-exam (5.0.2-1):
r64543 | Bug #39573: Adjust /umcp/ to /univention-management-console/
→ The module used a copy of UMCConnection because this did not exist in univention-lib when it was introduced. I compared with vimdiff, they behave the same.
QA: start one exam
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-11-09 22:17:39 CET
Looks like the UCS test scripts have not been updated accordingly. They are currently failing.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-11-09 22:27:18 CET
It has to be checked, if this change breaks exam mode if master is on UCS@school 4.1 and DC slave is on UCS@school 4.0 R2.
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-11-17 01:03:18 CET
(In reply to Sönke Schwardt-Krummrich from comment #2)
> Looks like the UCS test scripts have not been updated accordingly. They are
> currently failing.

→ this was another problem

(In reply to Sönke Schwardt-Krummrich from comment #3)
> It has to be checked, if this change breaks exam mode if master is on
> UCS@school 4.1 and DC slave is on UCS@school 4.0 R2.

According to Bug #38820 → no

OK: code change
OK: functional test
OK: xml changelog
Comment 5 Florian Best univentionstaff 2016-01-11 11:15:32 CET
UCS@school 4.1 has been released:
http://docs.software-univention.de/release-notes-ucsschool-4.1v1-de.html

If this error occurs again, please use "Clone This Bug".