You are here: Foswiki>Tasks Web>Item11981 (02 Dec 2012, GeorgeClark)Edit Attach

Item11981: USERINFO: broken with FastCGI and {AntiSpam}{HideUserDetails}

pencil
Priority: Urgent
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component: USERINFO
Branches: Release01x01 trunk
Reported By: JanKrueger
Waiting For:
Last Change By: GeorgeClark
On servers that use FastCGI or something similar, the USERINFO macro is too enthusiastic about cloaking data. This is because the variable that controls cloaking is only set in one branch of the code (USERINFO macro with a username arg passed to it). Hence, all future calls of USERINFO without a username arg will be cloaked, too; this breaks saving topics in our setups (among other things).

How to reproduce (probably)

  • Turn on $Foswiki::cfg{AntiSpam}{HideUserDetails}.
  • Set up FastCGI.
  • Log in.
  • Use a %USERINFO{"someusername"}% macro somewhere.
  • Within the same FastCGI process, use a %USERINFO% macro (or %USERNAME%).

How to fix

Here's a diff (against an arbitrary version, but should be easy to apply it manually if necessary):

diff --git a/core/lib/Foswiki/Macros/USERINFO.pm b/core/lib/Foswiki/Macros/USERINFO.pm
index 0af227f..63075e6 100644
--- a/core/lib/Foswiki/Macros/USERINFO.pm
+++ b/core/lib/Foswiki/Macros/USERINFO.pm
@@ -115,6 +115,8 @@ sub USERINFO {
           (      $Foswiki::cfg{AntiSpam}{HideUserDetails}
               && !$this->{users}->isAdmin( $this->{user} )
               && $user ne $this->{user} );
+    } else {
+        $USERINFO_cloak = 0;
     }
 
     return '' unless $user;

-- JanKrueger - 03 Jul 2012

Given the impact of this bug, I've raised to Urgent and confirmed.

-- PaulHarvey - 04 Jul 2012

I've added a unit test to reveal the issue and checked in your fix. Thanks JanKrueger.

-- GeorgeClark - 04 Jul 2012
 

ItemTemplate edit

Summary USERINFO: broken with FastCGI and {AntiSpam}{HideUserDetails}
ReportedBy JanKrueger
Codebase 1.1.5, trunk
SVN Range
AppliesTo Engine
Component USERINFO
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:c1e7feec9f2a distro:e8e45c5a7fca
TargetRelease patch
ReleasedIn 1.1.6
CheckinsOnBranches Release01x01 trunk
trunkCheckins distro:c1e7feec9f2a
Release01x01Checkins distro:e8e45c5a7fca
Topic revision: r6 - 02 Dec 2012, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy