Item10340: Problem with User Account named topic creation
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Hello
I have problem with topic creation for same name as logged user..
I have enabled apache authentication and there is no user registration enabled. That's why users have to create own home topic personally.
- When I try to create topic to Main web with a same name as logged user "DemoUser" I cannot do it ?
- When I try to create topic "DemoUser" to other web's it will be go smoothly
Some log about situation?
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] Insecure dependency in open while running with -T switch at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Store/VC/Handler.pm line 839., referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Store/VC/Handler.pm line 839, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::Store::VC::Handler::saveFile('Foswiki::Store::VC::RcsWrapHandler=HASH(0x9167aa0)', '/usr/local/nest_tools/Foswiki-1.1.2/data/Main/DemoUser.lease', 'taken\\x{a}1297355500\\x{a}user\\x{a}DemoUser\\x{a}expires\\x{a}1297359100') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Store/VC/Handler.pm line 730, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::Store::VC::Handler::setLease('Foswiki::Store::VC::RcsWrapHandler=HASH(0x9167aa0)', 'HASH(0x8e08ad0)') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Store/VC/Store.pm line 518, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::Store::VC::Store::setLease('Foswiki::Store::RcsWrap=HASH(0x8e555e8)', 'Foswiki::Meta=HASH(0x9562838)', 'HASH(0x8e08ad0)') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Meta.pm line 2402, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::Meta::setLease('Foswiki::Meta=HASH(0x9562838)', 3600) called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/UI/Edit.pm line 451, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::UI::Edit::finalize_edit('Foswiki=HASH(0x8dca3c8)', 'Foswiki::Meta=HASH(0x9562838)', '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN...') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/UI/Edit.pm line 35, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::UI::Edit::edit('Foswiki=HASH(0x8dca3c8)') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/UI.pm line 316, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \teval {...} called at /usr/share/perl5/Error.pm line 408, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tError::subs::try('CODE(0x88cb948)', 'HASH(0x8dca0e8)') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/UI.pm line 435, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::UI::_execute('Foswiki::Request=HASH(0x8dafbc0)', 'CODE(0x8daf7b0)', 'edit', 1) called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/UI.pm line 277, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::UI::handleRequest('Foswiki::Request=HASH(0x8dafbc0)') called at /usr/local/nest_tools/Foswiki-1.1.2/lib/Foswiki/Engine/CGI.pm line 37, referer: https://nestdemo.localdomain/ProjectFOSWIKI/
[Thu Feb 10 08:31:40 2011] [error] [client 192.168.52.18] \tFoswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x8ab9d50)') called at /usr/local/nest_tools/Foswiki-1.1.2/bin/edit line 24., referer: https://nestdemo.localdomain/ProjectFOSWIKI/
How we solved problem in first case?
This document is about how T-flag error in Foswiki is fixed.
/usr/local/nest_tools/Foswiki/lib/Foswiki/Store/VC/RcsWrapHandler.pm
141: # initial revision, so delete repository file and start again
142: $this->{rcsFile} = Foswiki::Sandbox::untaintUnchecked($this->{rcsFile});
143: unlink $this->{rcsFile};
165: $this->{file} = Foswiki::Sandbox::untaintUnchecked($this->{file});
166: chmod( $Foswiki::cfg{RCS}{filePermission}, $this->{file} );
486: $this->{file} = Foswiki::Sandbox::untaintUnchecked($this->{file});
487: chmod( $Foswiki::cfg{RCS}{filePermission}, $this->{file} )
523: $this->{file} = Foswiki::Sandbox::untaintUnchecked($this->{file});
524: chmod( $Foswiki::cfg{RCS}{filePermission}, $this->{file} );
/usr/local/nest_tools/Foswiki/lib/Foswiki/Store/VC/Handler.pm
693: else {
694: $filename = Foswiki::Sandbox::untaintUnchecked($filename);
695: unlink $filename
733: my $filename = _controlFileName( $this, 'lease' );
734: $filename = Foswiki::Sandbox::untaintUnchecked($filename);
735: if ($lease) {
829: sub moveFile {
830: my ( $this, $from, $to ) = @_;
831: $from = Foswiki::Sandbox::untaintUnchecked($from);
832: $to = Foswiki::Sandbox::untaintUnchecked($to);
833: ASSERT( -e $from ) if DEBUG;
842: $this->mkPathTo($name);
842: $name = Foswiki::Sandbox::untaintUnchecked($name);
842: my $fh;
--
MarkoRintamaki - 10 Feb 2011
It's been a while. Have you gotten any resolution or workaround to this? A number of these "taint" issues have been resolved in later versions of Foswiki. You might try 1.1.3
--
GeorgeClark - 21 Sep 2011
I added some information about changed files... Fixes was done one of my our member. Changes are done for Foswiki 1.1.3
Could this provide more information
--
MarkoRintamaki - 31 Oct 2011
Crawford, are there some taint issues lurking here, maybe triggered by perl versions?
--
GeorgeClark - 08 Mar 2012
It seems unlikely, given that the failure is triggered from the save script. Only way to track this down is to debug it; untainting the data at the handler level is definitely
not recommended.
--
CrawfordCurrie - 08 Mar 2012
--
MarkoRintamaki - 08 Mar 2012
We have been working with server solution called
FreeNEST. It's preinstalled ubuntu 10.4 image ...
Image is downloadable already at
http://beachhead.labranet.jamk.fi/wiki
But I could try to setup server for you ? You could access this instance and try to debug? Of course you have other work also
http://www.conceptnest.org
--
MarkoRintamaki - 08 Mar 2012
Setting this to No Action. Foswiki 1.2 will ship with Taint checking disabled. That should resolve issues like this.
--
GeorgeClark - 06 Jan 2015