[pkg-horde] Bug#858950: Turba does not obey restrictions defined in Horde permission system

Leonardo Bruno leobruno at gmail.com
Tue Mar 28 23:02:50 UTC 2017

Package: php-horde-turba
Version: 4.2.2-3
Severity: normal
Tags: patch

Scenario: Suppose you have a 'localldap' contacts source which is
read-only. Also suppose you have set for this source only 'Read' and 'Show'
permissions to 'All Authenticated Users', using the Horde permission
system, available under 'Adminsitration' menu.

Symptoms: Turba will show 'New contact > in localldap' menu option and will
also allow one to fill out the new contact form for this source. However,
when the user click the 'Add' button, Turba will show this error message
'There was an error adding the new contact. Contact your system
administrator for further help.' in that red square box.

There seems to be a typo in line 431 of
/usr/share/horde/turba/lib/Turba.php; The argument of the 'create' function
is '$source' but it should be '$sourceId', as I could confirm by inspecting
the Turba.php file in the package available in Debian stretch repositories,
which ships the version 4.2.18-1 of Turba.

Attached is a minimal patch that solves the problem.

Leonardo Bruno

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php-horde-turba depends on:
ii  php-horde            5.2.1+debian0-2+deb8u3
ii  php-horde-auth       2.1.5-5
ii  php-horde-content    2.0.4-4
ii  php-horde-core       2.15.0+debian0-1+deb8u1
ii  php-horde-data       2.1.0-5
ii  php-horde-date       2.0.12-5
ii  php-horde-dav        1.1.0-1
ii  php-horde-exception  2.0.4-4
ii  php-horde-form       2.0.8-2
ii  php-horde-group      2.0.4-4
ii  php-horde-history    2.3.1-4
ii  php-horde-icalendar  2.0.9-4
ii  php-horde-mail       2.4.0-4
ii  php-horde-mime       2.4.5-3
ii  php-horde-nls        2.0.4-2
ii  php-horde-perms      2.1.2-4
ii  php-horde-prefs      2.7.0-3
ii  php-horde-serialize  2.0.2-5
ii  php-horde-share      2.0.5-4
ii  php-horde-support    2.1.1-4
ii  php-horde-url        2.2.3-4
ii  php-horde-util       2.5.1-5
ii  php-horde-vfs        2.2.0-4
ii  php-horde-view       2.0.4-4
ii  php5-cli             5.6.30+dfsg-0+deb8u1
ii  php5-common          5.6.30+dfsg-0+deb8u1
ii  php5-json            1.3.6-1

Versions of packages php-horde-turba recommends:
ii  php-horde-activesync        2.19.2-2
ii  php-horde-db                2.1.4-3
ii  php-horde-imsp              2.0.5-2
ii  php-horde-kolab-format      2.0.5-4
ii  php-horde-kolab-storage     2.1.1-3
ii  php-horde-ldap              2.2.0-4
ii  php-horde-openxchange       1.0.0-2
ii  php-horde-service-facebook  2.0.6-2

php-horde-turba suggests no packages.

-- no debconf information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20170328/4ce6908d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: turba_permission.patch
Type: text/x-patch
Size: 548 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20170328/4ce6908d/attachment.bin>

More information about the pkg-horde-hackers mailing list