Sitefinity 4.1 Security Issues (After Upgrade)

Posted by Community Admin on 04-Aug-2018 19:39

Sitefinity 4.1 Security Issues (After Upgrade)

All Replies

Posted by Community Admin on 25-Apr-2011 00:00
Hi Guys,

Despite the other issues bugging other users, in general I am able to work with the new release.  I came accross an issue, however, that I may not have noticed for awhile had I not had a specific need.  Right now, I have a few users, and don't go into the user administration that much right now, and ran into a problem after the upgrade to Sitefinity 4.1:

    Goto Administration-->Users
    Click on any user, and the following error occurs (including admin users):
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
  
Source Error: 
  
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  
  
Stack Trace: 
  
  
[NullReferenceException: Object reference not set to an instance of an object.]
   Telerik.Sitefinity.Fluent.DynamicData.DynamicTypeDescriptionFacade.LoadDynamicTypeDescription(Type dynamicType) +88
   Telerik.Sitefinity.Modules.UserProfiles.UserProfilesHelper.GetUserProfileType(Type clrType, String metaDataProviderName) +173
   Telerik.Sitefinity.Modules.UserProfiles.Web.UI.UserProfilesControl.InitializeControls(GenericContainer dialogContainer) +578
   Telerik.Sitefinity.Web.UI.SimpleView.CreateChildControls() +81
   System.Web.UI.Control.EnsureChildControls() +181
   System.Web.UI.Control.PreRenderRecursiveInternal() +59
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Control.PreRenderRecursiveInternal() +221
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4184
  
   
  
  
--------------------------------------------------------------------------------

Also, if I Try to click on "Manage Profile types", The site goes into an endless alert saying:

"Specified type 'Telerik.Sitefinity.Security.Model.SitefinityProfile' is not a dynamic type"

Thanks, Greg
Posted by Community Admin on 26-Apr-2011 00:00
Hi Greg Figueroa,

After the upgrade do you have a record in sf_meta_type_descriptions that looks like this:

id - 445278DC-F303-4BEC-8589-E2A7446C610C
app_name - //
meta_type_id - 638670CC-B540-4FD3-ADB0-101899D1630A
user_friendly_name - Basic profile
description - NULL
voa_version - 1

Also you need a record in sf_meta_types with id equal to the meta_type_id above. Some clients reported that after a fresh upgrade this issue was fixed.

Best wishes,
Lubomir Velkov
the Telerik team

Posted by Community Admin on 26-Apr-2011 00:00
Indeed the sf_meta_type_descriptions table is completely empty.  I added the record, however, you say a corresponding record with an id that matches this records meta_type_id must exist in sf_meta_types, however, you neglected to tell me the following:

    class_name
    name_space

For now, I put "Security" in class_name and "Telerik.Sitefinity.Security.Model" in name_space.  Unfortunately, the problem still exists.  I suppose I'll have to create a fresh site and compare the databases.  Very unfortunate.

Thanks, Greg
Posted by Community Admin on 26-Apr-2011 00:00
Okay, so I created a new site, and found the proper entries for the tables you spoke about.  After making the changes, nothing is different.  The error still occurs.  I suppose I'll have to open a ticket.

Thanks, Greg
Posted by Community Admin on 29-Apr-2011 00:00
Hello Greg Figueroa,

It seems that the upgrade process didn't do its job properly. That's why you don't have these records in the database. Also, it seems like there are other records to be added somewhere as well, but I'm not sure how OpenAccess serializes the data. We are investigating the upgrade issues now and hopefully will fix them for the upcoming Service pack.

Best wishes,
Lubomir Velkov
the Telerik team

This thread is closed