403 After deleting link #692

Closed
trip1e opened this issue Jan 14, 2024 · 10 comments

@trip1e

trip1e commented Jan 14, 2024

LinkStack version

v4.7.1

Description

Page: /studio/links
Task: Delete link
Procedure: I press the DELETE (trash) button next to the link I want to delete.
What happens: Redirects to 403 - /deleteLink/907871310 - The link is not deleted

Details about your system

PHP Version 8.0.30

System Linux uvirt106 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) x86_64
Build Date Aug 7 2023 10:14:23
Build System Linux bullseye 5.10.0-23-amd64 #1 SMP Debian 5.10.179-3 (2023-07-27) x86_64 GNU/Linux
Configure Command './configure' '--prefix=/usr' '--with-apxs2=/usr/bin/apxs2' '--with-config-file-path=/etc/php80/apache2' '--build=x86_64-linux-gnu' '--host=x86_64-linux-gnu' '--with-libdir=/lib/x86_64-linux-gnu' '--mandir=/usr/share/man' '--disable-debug' '--disable-rpath' '--disable-static' '--with-pic' '--with-layout=GNU' '--with-pear=/usr/share/php' '--enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-bcmath' '--with-bz2' '--enable-ctype' '--with-db4' '--with-gdbm=/usr' '--enable-intl' '--enable-exif' '--enable-ftp' '--with-gettext' '--enable-mbstring' '--enable-shmop' '--enable-sockets' '--with-zlib' '--with-kerberos=/usr' '--with-openssl=/usr' '--enable-mysqlnd' '--with-pdo-mysql' '--with-pdo-pgsql' '--with-pdo-dblib' '--with-mysqli' '--with-mhash' '--with-tidy' '--enable-soap' '--with-zip' '--without-mm' '--with-curl=/usr' '--enable-gd' '--with-jpeg' '--with-xpm=/usr/X11R6' '--with-webp' '--with-freetype' '--with-zlib-dir=/usr' '--with-ldap=/usr' '--with-imap=/usr' '--with-imap-ssl=/usr' '--with-unixODBC=shared,/usr' '--with-xsl=/usr' '--with-libxml' '--with-snmp=/usr' '--with-pgsql=/usr' '--with-iconv' '--enable-opcache' '--with-pspell=shared' '--with-sodium' '--with-enchant' '--with-gmp=shared' 'build_alias=x86_64-linux-gnu' 'host_alias=x86_64-linux-gnu'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php80/apache2
Loaded Configuration File /etc/php80/apache2/php.ini
Scan this dir for additional .ini files (none)
Additional .ini files parsed (none)
PHP API 20200930
PHP Extension 20200930
Zend Extension 420200930
Zend Extension Build API420200930,NTS
PHP Extension Build API20200930,NTS
Debug Build no
Thread Safety disabled
Zend Signal Handling enabled
Zend Memory Manager enabled
Zend Multibyte Support provided by mbstring
IPv6 Support enabled
DTrace Support disabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, tls, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
Registered Stream Filters zlib., bzip2., convert.iconv., string.rot13, string.toupper, string.tolower, convert., consumed, dechunk

How to reproduce

Press the DELETE (trash) button next to the link I want to delete.

Possible Solution

No response

Additional Context

No response

@craeckor

craeckor commented Jan 15, 2024

I'm not able to reproduce this issue.
For testing, can you create a new link and then try to delete it? Does it work? Maybe an update created the problem.
Also check your Apache2 log and Laravel log.
Maybe @JulianPrieber is able to reproduce this issue.

@JulianPrieber
Member

We need more help reproducing this. This has been reported 3 times so far. I'm assuming this is some issue with authentication.

@trip1e
Author

trip1e commented Jan 21, 2024 via email

@JulianPrieber
Member

What can I do for you regarding this issue?

Best is a step-by-step setup guide on how to reproduce the issue reliably, or, if you were able to fix the issue, documentation for that.

If I use a recent version and set it up either using the docker image or NGINX/Apache, I cannot reproduce this issue.
There has to be something causing this, we're just not sure what it is.

@p-collins

p-collins commented Jan 22, 2024

Just to report I'm experiencing this as well, both delete and edit links result in 403 Forbidden.

SQLite backend running on IIS non-production, everything is straight out of the zip folder. Let me know if I can share anything specific to help.

Nothing in the Laravel log and only the 403 confirmation in the IIS log.

@JulianPrieber
Member

JulianPrieber commented Jan 23, 2024

Let me know if someone can edit the file system and run a debug file for me 👍

@JulianPrieber
Member

Please replace the file content of app/Http/Middleware/LinkId.php with this debug file:
https://gist.github.com/JulianPrieber/d5318ca83f09879f93a1092fea38bb8c

Then log in to your admin panel and try to delete a link.

@p-collins

No worries, here's the output:

https://gist.github.com/p-collins/ca393afd5f19c447398e541d7be58902

@JulianPrieber
Member

Alright, thank you so much!

Here is what it should look like:
[Screenshot: chrome_3M9iA66aiq]

You have the same Link User ID and User ID, but the request still gets blocked.
The code compares the two and if they're not identical the request gets blocked.
[Screenshot: Code_voQCI6CEQs]

So essentially your code is returning:
1 ≠ 1

Your database is saving the user_id as "1" not 1. I wasn't able to reproduce this on MySQL or SQLite.

But we can adjust the code to account for that. I wasn't aware that this is possible, but this should fix it:
https://gist.github.com/JulianPrieber/f08014916904a0a294002cac70bea29f
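
The mismatch described above (a stored user_id of "1" compared with an authenticated ID of 1), as an added PHP example that is not code from LinkStack or from the gists linked in this thread; the function names are hypothetical. It puts a strict identity check beside a normalising one that accepts either type but still fails closed on anything that is not a canonical ID, which a loose `==` would not do.

```php
<?php
// Added illustration; function names are hypothetical, not LinkStack's.

// Strict identity check as described in the thread: fails when the driver
// hands back the column as a string ("1") and the session ID is an int (1).
function ownsLinkStrict(mixed $linkUserId, mixed $authUserId): bool
{
    return $linkUserId === $authUserId;
}

// Normalise an ID to int only if it is a canonical positive decimal
// ("1" or 1); reject "01", "1e0", " 1", "1abc", null, floats, bools.
function canonicalId(mixed $value): ?int
{
    if (is_int($value)) {
        return $value > 0 ? $value : null;
    }
    if (is_string($value) && preg_match('/\A[1-9][0-9]*\z/', $value) === 1) {
        $int = (int) $value;
        // Guard against overflow: the round trip must reproduce the input.
        return (string) $int === $value ? $int : null;
    }
    return null;
}

// Type-tolerant but still fail-closed ownership check.
function ownsLink(mixed $linkUserId, mixed $authUserId): bool
{
    $a = canonicalId($linkUserId);
    $b = canonicalId($authUserId);
    return $a !== null && $a === $b;
}

// Constructed sample values: [link user_id from DB, authenticated user ID].
$cases = [
    ['1', 1],      // the case from this issue
    [1, 1],
    ['2', 1],      // another user's link
    ['01', 1],
    ['1e0', 1],
    [null, 1],
];
foreach ($cases as [$db, $auth]) {
    printf("%-6s vs %-2s strict=%s normalised=%s\n",
        var_export($db, true), var_export($auth, true),
        var_export(ownsLinkStrict($db, $auth), true),
        var_export(ownsLink($db, $auth), true));
}
```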

@p-collins

Confirmed fix for me at least.
