Item11512: Ensure all topics in System pass

Priority: Urgent
Current State: Confirmed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: SafeWikiPlugin
Branches: Release01x01 trunk
Reported By: CrawfordCurrie
Waiting For:
Last Change By: GeorgeClark
Many topics have inline JS and validation errors that mean they are not passed by the plugin. Fix them. Script:
for f in *.txt; do g=`basename $f .txt`; echo $g;../../bin/view -I ../../bin -topic=System.$g >$g.out; done
Set {SafeWikiPlugin}{Action} to ASSERT and enable FOSWIKI_ASSERTS. Turning {CheckPurity} on gives more errors, but I think they can be lived with, at least until the main problems are solved.

CompleteDocumentation.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
FormattedSearch.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
JQueryAjaxHelper.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
JQueryBlockUI.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
JQueryPNotify.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
JQuerySerialScroll.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
JQueryThemeSwitcher.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed on* 'DP_jQuery_1293746940113.datepicker._adjustDate('#datepicker', -1, 'M');' on command line) failed!
JQueryTmpl.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline ' 
Macros.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '
PatternSkinElements.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed on* 'if(this.value=='Commenting is disabled while running from the command line')this.value=''' on command line) failed!
SiteChanges.out:Assertion (SAFEWIKI: FAIL Assertion (SafeWikiPlugin: ASSERT: Disarmed inline '

-- CrawfordCurrie - 08 Feb 2012

I've run the above script on a 1.1.4 clean install, and added all MD5 fingerprints from the inline scripts and handlers to Config.spec. With that added, the test runs cleanly, except for 3 topics:

-- GeorgeClark - 09 Feb 2012


-- GeorgeClark - 10 Feb 2012

We need a more accessible way to get the md5 for filtered inline JS, without having to go back to the error log. Sometimes getting to the error log is a PITA.

So long as the topic with the md5s is well protected, then I see no problem with announcing the md5 in the message that reports (in the browser) that something was filtered. Of course that md5 will only work if the inline code is free of context macros, but there are many other ways of shooting yourself in the toes too.

Also, I have something of a concern that the md5s are not currently trackable. If I come along and change a piece of JS, then the old md5 is redundant; how do I find it to remove it?

-- CrawfordCurrie - 16 Feb 2012

Crawford, Your commit - distro:a909d478a9fd SafeWikiPlugin:b1ebaea625e6 for SafeWikiPlugin appears to have reverted some changes to - having to do with read-only password file. I doubt that you wanted that - so TopicUserMapper is now out of sync between Trunk and Release11.

-- GeorgeClark - 25 Feb 2012

Hard to be certain, without knowing which changes you are referring to.... but if it's the removal automatic modification of $Foswiki:;cfg then my change was quite deliberate. I have had to help users several times where registration was disabled because they had an unwritable password file, despite their enabling passwords in configure. So I moved the check for a writable password file to the configure checker. Unfortunately the checker change was not part of that checkin, and I was premature with the mapper checkin; I will merge the checker change across to Release01x01 which will allow the mapper to be made consistent again.

IMHO nothing in the core code should modify user settings from configure. It's very confusing for the user. Adding to the configuration in the event of missing items is OK-ish, though still to be discouraged.

-- CrawfordCurrie - 11 Mar 2012

I don't recall now what the issue was, it was more just surprising to find changes related to readonly password file in a commit to SafeWikiPlugin. Makes picking through tasks to include in release notes challenging.

-- GeorgeClark - 29 Apr 2012
Topic revision: r27 - 29 Apr 2012, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy