Item9518: Taint error creating topic - exposed due to broken webtopiccreator.js
Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component: Manage
Branches:
Broken
webtopiccreator.js
doesn't sanitize topic name, which exposes this error. Probably could recreate by disabling javascript.
- Enable ASSERTS in
bin/LocalLib.cfg
- Visit Main/WebCreateNewTopic
- Enter topic name "asdfasdf"
- *Do not check the
Allow non WikiWord for the new topic name
- Press Create button
Note that if the Allow non Wikiword box is checked, the error does not occur. Proceed to edit, then select cancel, and it causes the taint error in
Item9517
Software error:
Assertion (topic is tainted) failed!
at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 228
Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 123
Foswiki::UI::Oops::oops('Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf', 'Foswiki::Request=HASH(0x846d3e8)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 221
Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8811f18)', 'Foswiki=HASH(0x84aedf8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 373
Foswiki::UI::__ANON__('Foswiki::OopsException=HASH(0x8811f18)', 'SCALAR(0x8114888)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 339
eval {...} called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 329
Error::subs::run_clauses('HASH(0x84aeb28)', 'Foswiki::OopsException=HASH(0x8811f18)', undef, 'ARRAY(0x8114c78)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 426
Error::subs::try('CODE(0x804e2c8)', 'HASH(0x84aeb28)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 429
Foswiki::UI::_execute('Foswiki::Request=HASH(0x846d3e8)', 'CODE(0x806fba8)', 'manage', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 277
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x846d3e8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 30
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81dc2c8)') called at manage line 24
at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 228
Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 123
Foswiki::UI::Oops::oops('Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf', 'Foswiki::Request=HASH(0x846d3e8)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 221
Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8811f18)', 'Foswiki=HASH(0x84aedf8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 373
Foswiki::UI::__ANON__('Foswiki::OopsException=HASH(0x8811f18)', 'SCALAR(0x8114888)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 339
eval {...} called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 329
Error::subs::run_clauses('HASH(0x84aeb28)', 'Foswiki::OopsException=HASH(0x8811f18)', undef, 'ARRAY(0x8114c78)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 426
Error::subs::try('CODE(0x804e2c8)', 'HASH(0x84aeb28)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 429
Foswiki::UI::_execute('Foswiki::Request=HASH(0x846d3e8)', 'CODE(0x806fba8)', 'manage', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 277
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x846d3e8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 30
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81dc2c8)') called at manage line 24.
Software error:
[Sat Aug 21 21:06:06 2010] manage: Assertion (topic is tainted) failed!
[Sat Aug 21 21:06:06 2010] manage: at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sat Aug 21 21:06:06 2010] manage: Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 228
[Sat Aug 21 21:06:06 2010] manage: Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 123
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::Oops::oops('Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf', 'Foswiki::Request=HASH(0x846d3e8)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 221
[Sat Aug 21 21:06:06 2010] manage: Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8811f18)', 'Foswiki=HASH(0x84aedf8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 373
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::__ANON__('Foswiki::OopsException=HASH(0x8811f18)', 'SCALAR(0x8114888)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 339
[Sat Aug 21 21:06:06 2010] manage: eval {...} called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 329
[Sat Aug 21 21:06:06 2010] manage: Error::subs::run_clauses('HASH(0x84aeb28)', 'Foswiki::OopsException=HASH(0x8811f18)', undef, 'ARRAY(0x8114c78)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 426
[Sat Aug 21 21:06:06 2010] manage: Error::subs::try('CODE(0x804e2c8)', 'HASH(0x84aeb28)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 429
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::_execute('Foswiki::Request=HASH(0x846d3e8)', 'CODE(0x806fba8)', 'manage', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 277
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x846d3e8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 30
[Sat Aug 21 21:06:06 2010] manage: Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81dc2c8)') called at manage line 24
[Sat Aug 21 21:06:06 2010] manage: at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sat Aug 21 21:06:06 2010] manage: Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 228
[Sat Aug 21 21:06:06 2010] manage: Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 123
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::Oops::oops('Foswiki=HASH(0x84aedf8)', 'Main', 'asdfasdf', 'Foswiki::Request=HASH(0x846d3e8)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 221
[Sat Aug 21 21:06:06 2010] manage: Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8811f18)', 'Foswiki=HASH(0x84aedf8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 373
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::__ANON__('Foswiki::OopsException=HASH(0x8811f18)', 'SCALAR(0x8114888)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 339
[Sat Aug 21 21:06:06 2010] manage: eval {...} called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 329
[Sat Aug 21 21:06:06 2010] manage: Error::subs::run_clauses('HASH(0x84aeb28)', 'Foswiki::OopsException=HASH(0x8811f18)', undef, 'ARRAY(0x8114c78)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 426
[Sat Aug 21 21:06:06 2010] manage: Error::subs::try('CODE(0x804e2c8)', 'HASH(0x84aeb28)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 429
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::_execute('Foswiki::Request=HASH(0x846d3e8)', 'CODE(0x806fba8)', 'manage', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 277
[Sat Aug 21 21:06:06 2010] manage: Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x846d3e8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 30
[Sat Aug 21 21:06:06 2010] manage: Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81dc2c8)') called at manage line 24.
at /usr/lib/perl5/vendor_perl/5.10.1/CGI/Carp.pm line 354
CGI::Carp::realdie('[Sat Aug 21 21:06:06 2010] manage: Assertion (topic is tainte...') called at /usr/lib/perl5/vendor_perl/5.10.1/CGI/Carp.pm line 446
CGI::Carp::die('Error::Simple=HASH(0x882cb08)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 184
Error::throw('Error::Simple=HASH(0x882cb08)') called at /usr/lib/perl5/vendor_perl/5.10.1/Error.pm line 436
Error::subs::try('CODE(0x804e2c8)', 'HASH(0x84aeb28)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 429
Foswiki::UI::_execute('Foswiki::Request=HASH(0x846d3e8)', 'CODE(0x806fba8)', 'manage', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 277
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x846d3e8)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 30
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81dc2c8)') called at manage line 24
--
GeorgeClark - 22 Aug 2010