Item11981: USERINFO: broken with FastCGI and {AntiSpam}{HideUserDetails}
Priority: Urgent
Current State: Closed
Released In: 1.1.6
Target Release: patch
Applies To: Engine
Component: USERINFO
Branches: Release01x01 trunk
On servers that use FastCGI or something similar, the USERINFO macro is too enthusiastic about cloaking data. This is because the variable that controls cloaking is only set in one branch of the code (USERINFO macro with a username arg passed to it). Hence, all future calls of USERINFO
without a username arg will be cloaked, too; this breaks saving topics in our setups (among other things).
How to reproduce (probably)
- Turn on
$Foswiki::cfg{AntiSpam}{HideUserDetails}
.
- Set up FastCGI.
- Log in.
- Use a
%USERINFO{"someusername"}%
macro somewhere.
- Within the same FastCGI process, use a
%USERINFO%
macro (or %USERNAME%
).
How to fix
Here's a diff (against an arbitrary version, but should be easy to apply it manually if necessary):
diff --git a/core/lib/Foswiki/Macros/USERINFO.pm b/core/lib/Foswiki/Macros/USERINFO.pm
index 0af227f..63075e6 100644
--- a/core/lib/Foswiki/Macros/USERINFO.pm
+++ b/core/lib/Foswiki/Macros/USERINFO.pm
@@ -115,6 +115,8 @@ sub USERINFO {
( $Foswiki::cfg{AntiSpam}{HideUserDetails}
&& !$this->{users}->isAdmin( $this->{user} )
&& $user ne $this->{user} );
+ } else {
+ $USERINFO_cloak = 0;
}
return '' unless $user;
--
JanKrueger - 03 Jul 2012
Given the impact of this bug, I've raised to Urgent and confirmed.
--
PaulHarvey - 04 Jul 2012
I've added a unit test to reveal the issue and checked in your fix. Thanks
JanKrueger.
--
GeorgeClark - 04 Jul 2012