Item9136: trunk fails to run due to assert related to Foswiki::Func::topicExists

Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Reported By: KennethLavrsen
Waiting For:
Last Change By: CrawfordCurrie
Trunk is broken.

When I run any page I get

Assertion failed!
 at /var/www/foswiki/core/lib/Assert.pm line 65
   Assert::ASSERT('undef') called at /var/www/foswiki/core/lib/Foswiki.pm line 3429
   Foswiki::topicExists('Foswiki=HASH(0x9dfe8a4)', 'Main', 'API') called at /var/www/foswiki/core/lib/Foswiki/Func.pm line 1315
   Foswiki::Func::topicExists('Main', 'API') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin/Core.pm line 183
   Foswiki::Plugins::FindElsewherePlugin::Core::findTopicElsewhere('Main', 'A') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin/Core.pm line 122
   Foswiki::Plugins::FindElsewherePlugin::Core::handle('---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin.pm line 59
   Foswiki::Plugins::FindElsewherePlugin::startRenderingHandler('---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugin.pm line 285
   Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0xa2b95b8)', 'startRenderingHandler', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugins.pm line 331
   Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x9dfeb8c)', 'startRenderingHandler', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Render.pm line 1096
   Foswiki::Render::getRenderedVersion('Foswiki::Render=HASH(0xa8bbf3c)', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Foswiki::Meta=HASH(0xa75d7ec)') called at /var/www/foswiki/core/lib/Foswiki/Meta.pm line 2759
   Foswiki::Meta::renderTML('Foswiki::Meta=HASH(0xa75d7ec)', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...') called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 410
   Foswiki::UI::View::_prepare('---+!! Welcome to the <nop>%USERSWEB% web \x{a}Congratulations, y...', 'Foswiki::Meta=HASH(0xa75d7ec)', 0) called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 388
   Foswiki::UI::View::view('Foswiki=HASH(0x9dfe8a4)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 310
   Foswiki::UI::__ANON__() called at /usr/lib/perl5/vendor_perl/5.8.8/Error.pm line 415
   eval {...} called at /usr/lib/perl5/vendor_perl/5.8.8/Error.pm line 407
   Error::subs::try('CODE(0x989c5f0)', 'HASH(0x9dfe658)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 428
   Foswiki::UI::_execute('Foswiki::Request=HASH(0x9de3eac)', 'CODE(0x9de3bc4)', 'view', 1) called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 277
   Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x9de3eac)') called at /var/www/foswiki/core/lib/Foswiki/Engine/CGI.pm line 30
   Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x9a8b4f8)') called at /var/www/foswiki/core/bin/view line 45

It seems that either some assert is added for the wrong reason.

Or someone broke the compatibility of the Foswiki::Func::topicExists.

FindElsewherePlugin has worked flawlessly for years.

-- KennethLavrsen - 10 Jun 2010

No, there's nothing wrong with it. The change is that we have added much more thorough taint checking, as part of our ongoing security review, and the FindElsewherePlugin is passing tainted data on to dangerous operations in the core. This security hole will only be reported as long as asserts are enabled.

Some people have argued for the Func interface to always validate data passed in via Func calls. I'm a bit nervous of doing this, because validation always takes some time, and continuually repeating validation of data that should be validated at point-of-source (in this case, the plugin) will bleed performance.

I'll take a look at the plugin.

Later: the reason the data is tainted is the same problem we have been seeing elsewhere, that a s/// no longer untaints (I think since perl 5.10?)

-- CrawfordCurrie - 10 Jun 2010
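An added example, not code from Foswiki or from FindElsewherePlugin, of validating at the point of source as discussed in the comment above: under `perl -T`, an in-place `s///` cleanup leaves a value tainted, while a capture from a validating match yields an untainted copy. The name pattern, `untaint_name` and `topic_exists_checked` are hypothetical stand-ins, and the sample input is constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

# Constructed input: appending a zero-length tainted string taints a literal,
# standing in for a topic name extracted from request or page text.
my $TAINT = substr("$0$^X", 0, 0);
my $raw   = "  API  " . $TAINT;

# In-place cleanup with s/// does not untaint: the copy stays tainted.
(my $trimmed = $raw) =~ s/^\s+|\s+$//g;

# Validate at the point of source: only a capture from a match is untainted.
# The pattern is an assumption, not Foswiki's configured name regex.
sub untaint_name {
    my ($name) = @_;
    return $name =~ /^\s*([A-Za-z][A-Za-z0-9_]*)\s*$/ ? $1 : undef;
}

# Hypothetical stand-in for a core call that asserts on tainted arguments.
sub topic_exists_checked {
    my ($web, $topic) = @_;
    die "tainted argument\n" if grep { tainted($_) } $web, $topic;
    return "$web.$topic accepted";
}

my $clean = untaint_name($raw);
die "name failed validation\n" unless defined $clean;

printf "raw tainted:         %s\n", tainted($raw)     ? 'yes' : 'no';
printf "after s/// tainted:  %s\n", tainted($trimmed) ? 'yes' : 'no';
printf "after capture:       %s\n", tainted($clean)   ? 'yes' : 'no';

# The s///-cleaned value trips the check; the validated capture passes.
my $result = eval { topic_exists_checked('Main', $trimmed) };
print defined $result ? "$result\n" : "rejected: $@";
print topic_exists_checked('Main', $clean), "\n";
```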

I improved the messages. Fixes to the plugin went in elsewhere.

-- CrawfordCurrie - 10 Jun 2010

 

Checkins distro:e11a265bb732
Topic revision: r4 - 10 Jun 2010, CrawfordCurrie