Item10626: TWiki web is revealed even if TWikiCompatibilityPlugin is disabled

Documentation for TWiki web states:

"If you do not need TWiki compatibility you can disable TWikiCompatibilityPlugin in the configure Plugins section. This will also hide the TWiki web so it does not appear in any user interfaces. Not even administrators will see it. "

This is true on 1.0.9, but on 1.1.3 the TWiki web is revealed to administrators even with the plugin disabled. With the plugin disabled on 1.0.9, explicitly accessing the TWiki web will result in an error stating that the Web does not exist. On 1.1.3, the web is accessible even for non-admin users.

-- GeorgeClark - 12 Apr 2011

Appears to be part of the Store refactor, in 1.0.x Store::webExists:

    # Foswiki ships with TWikiCompatibilityPlugin but if it is disabled we
    # do not want the TWiki web to appear as a valid web to anyone.
    if ( $web eq 'TWiki' ) {
        unless ( defined ( $Foswiki::cfg{Plugins}{TWikiCompatibilityPlugin}{Enabled} )
                 && $Foswiki::cfg{Plugins}{TWikiCompatibilityPlugin}{Enabled} == 1 ) {
            return 0;
        }
    }

-- GeorgeClark - 12 Apr 2011

I've restored this code to Foswiki/Store/VC/Store.pm subroutine webExists. Committed to both 1.1.3 and trunk. Need CDot to review, is this the correct fix for 1.2?

-- GeorgeClark - 12 Apr 2011

Looks correct to me

-- KennethLavrsen - 12 Apr 2011

if it works, it's correct; though I intensely dislike having dependencies on a plugin in core code; there's got to be a better way to do this.

-- CrawfordCurrie - 12 Apr 2011

and I hate the auto-vivification you're creating here... Maybe add a exists $Foswiki::cfg{Plugins}->{TWikiCompatibilityPlugin} ... You may remove the ->, I just find it clearer, but it's true we never use it anywhere else in the code. Otherwise a for keys %{ $Foswiki::cfg{Plugins} } will get an extraneous empty TWikiCompatibilityPlugin entry, which could have consequences.

-- OlivierRaginel - 12 Apr 2011

I just copy/paste restored the 1.0 code into 1.1. I agree though - it's an awful solution. I don't have the time to try anything else right now. Please commit a better solution if you have time.

-- GeorgeClark - 12 Apr 2011

I committed a fix against my concern. I agree with CDot there has to be a better way, but I couldn't think of one. Also, this means anybody with a web called TWiki will have issues without TCP. Maybe we could just make a configure checker stating that there is a TWiki web but TCP isn't enabled, so it might make sense to rm -rf the lot. As far as I'm concerned, this bug is fixed (was fixed by George).

-- OlivierRaginel - 12 Apr 2011

It is fixed. We have other hardcoded things that relate to certain extensions and especially the TCP is not any extention. It has a very special purpose. Thanks for fixing the code related issue.

-- KennethLavrsen - 13 Apr 2011

Commenting is disabled while not logged in