Item9027: Registering new user results in Taint error
Priority: Urgent
Current State: Closed
Released In:
Target Release: minor
Applies To: Engine
Component: register
Branches:
| 2010-05-16T04:54:17Z warning | Registration failed: Insecure dependency in open while running with -T switch at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Store/VC/Handler.pm line 812.
at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Store/VC/Handler.pm line 812
Foswiki::Store::VC::Handler::saveFile('Foswiki::Store::VC::RcsWrapHandler=HASH(0x919a1d0)', '/usr/local/src/svn.foswiki.org/trunk/core/data/Main/PaulHarve...', 'BaseUserMapping_222\x{a}1273985657') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Store/VC/Handler.pm line 660
Foswiki::Store::VC::Handler::setLock('Foswiki::Store::VC::RcsWrapHandler=HASH(0x919a1d0)', 1, 'BaseUserMapping_222') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Store/VC/Store.pm line 312
Foswiki::Store::VC::Store::atomicLock('Foswiki::Store::RcsWrap=HASH(0x8fefd60)', 'Foswiki::Meta=HASH(0x8d09a40)', 'BaseUserMapping_222') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Meta.pm line 1762
Foswiki::Meta::_atomicLock('Foswiki::Meta=HASH(0x8d09a40)', 'BaseUserMapping_222') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Meta.pm line 1673
Foswiki::Meta::saveAs('Foswiki::Meta=HASH(0x8d09a40)', 'Main', 'PaulHarvey') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Meta.pm line 1603
Foswiki::Meta::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x95341f0)', 'HASH(0x95343d0)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Meta.pm line 1607
Foswiki::Meta::save('Foswiki::Meta=HASH(0x8d09a40)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 967
Foswiki::UI::Register::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x950bdf8)', 'HASH(0x9529660)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 971
Foswiki::UI::Register::_writeRegistrationDetailsToTopic('Foswiki=HASH(0x8f83558)', 'HASH(0x93b4a08)', 'Foswiki::Meta=HASH(0x8dadf20)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 902
Foswiki::UI::Register::_createUserTopic('Foswiki=HASH(0x8f83558)', 'HASH(0x93b4a08)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 773
Foswiki::UI::Register::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x8d70538)', 'HASH(0x93bd670)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 820
Foswiki::UI::Register::_complete('Foswiki=HASH(0x8f83558)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 361
Foswiki::UI::Register::registerAndNext('Foswiki=HASH(0x8f83558)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI/Register.pm line 93
Foswiki::UI::Register::register_cgi('Foswiki=HASH(0x8f83558)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI.pm line 303
Foswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x8a76948)', 'HASH(0x8fe3728)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI.pm line 411
Foswiki::UI::_execute('Foswiki::Request=HASH(0x8f2ac00)', 'CODE(0x8f2aa90)', 'register', 1) called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/UI.pm line 270
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x8f2ac00)') called at /usr/local/src/svn.foswiki.org/trunk/core/lib/Foswiki/Engine/CGI.pm line 29
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x8c5e3f0)') called at /usr/local/src/svn.foswiki.org/trunk/core/bin/register line 45.
|
The registration is successful in that the
.htpasswd
entry is correct and may be used to login, but after the error message, there is no user topic and the session is not auth'd
The
WikiUsers topic
does contain a link to the new user topic (which is missing), however.
Perl 5.10.1
This prevents the error and allows successful registration. For some reason I couldn't come up with a regex to get rid of the taint error - so the root cause is probably not on the lines indicated, but might help someone who knows this code better.
Index: lib/Foswiki/UI/Register.pm
===================================================================
--- lib/Foswiki/UI/Register.pm (revision 7435)
+++ lib/Foswiki/UI/Register.pm (working copy)
@@ -924,7 +924,8 @@
$before = '' unless defined($before);
$after = '' unless defined($after);
- my $user = $data->{WikiName};
+ my $user = 'TestUser12345';
my $topicObject =
Foswiki::Meta->new( $session, $Foswiki::cfg{UsersWebName}, $user );
my $log;
--
PaulHarvey - 16 May 2010
See also:
Item9053
--
PaulHarvey - 24 May 2010
I fixed this yesterday.
http://trac.foswiki.org/changeset/7525
(stumbled over it while debugging another problem)
--
CrawfordCurrie - 25 May 2010