Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Trunk is broken.
When I run any page I get
Assertion failed!
at /var/www/foswiki/core/lib/Assert.pm line 65
Assert::ASSERT('undef') called at /var/www/foswiki/core/lib/Foswiki.pm line 3429
Foswiki::topicExists('Foswiki=HASH(0x9dfe8a4)', 'Main', 'API') called at /var/www/foswiki/core/lib/Foswiki/Func.pm line 1315
Foswiki::Func::topicExists('Main', 'API') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin/Core.pm line 183
Foswiki::Plugins::FindElsewherePlugin::Core::findTopicElsewhere('Main', 'A') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin/Core.pm line 122
Foswiki::Plugins::FindElsewherePlugin::Core::handle('---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugins/FindElsewherePlugin.pm line 59
Foswiki::Plugins::FindElsewherePlugin::startRenderingHandler('---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugin.pm line 285
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0xa2b95b8)', 'startRenderingHandler', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Plugins.pm line 331
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x9dfeb8c)', 'startRenderingHandler', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Main', 'WebHome') called at /var/www/foswiki/core/lib/Foswiki/Render.pm line 1096
Foswiki::Render::getRenderedVersion('Foswiki::Render=HASH(0xa8bbf3c)', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...', 'Foswiki::Meta=HASH(0xa75d7ec)') called at /var/www/foswiki/core/lib/Foswiki/Meta.pm line 2759
Foswiki::Meta::renderTML('Foswiki::Meta=HASH(0xa75d7ec)', '---+!! Welcome to the <nop>Main web \x{a}Congratulations, you hav...') called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 410
Foswiki::UI::View::_prepare('---+!! Welcome to the <nop>%USERSWEB% web \x{a}Congratulations, y...', 'Foswiki::Meta=HASH(0xa75d7ec)', 0) called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 388
Foswiki::UI::View::view('Foswiki=HASH(0x9dfe8a4)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 310
Foswiki::UI::__ANON__() called at /usr/lib/perl5/vendor_perl/5.8.8/Error.pm line 415
eval {...} called at /usr/lib/perl5/vendor_perl/5.8.8/Error.pm line 407
Error::subs::try('CODE(0x989c5f0)', 'HASH(0x9dfe658)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 428
Foswiki::UI::_execute('Foswiki::Request=HASH(0x9de3eac)', 'CODE(0x9de3bc4)', 'view', 1) called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 277
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x9de3eac)') called at /var/www/foswiki/core/lib/Foswiki/Engine/CGI.pm line 30
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x9a8b4f8)') called at /var/www/foswiki/core/bin/view line 45
It seems that either some assert is added for the wrong reason, or someone broke the compatibility of Foswiki::Func::topicExists.
FindElsewherePlugin has worked flawlessly for years.
--
KennethLavrsen - 10 Jun 2010
No, there's nothing wrong with it. The change is that we have added much more thorough taint checking, as part of our ongoing security review, and the FindElsewherePlugin is passing tainted data on to dangerous operations in the core. This security hole will only be reported as long as asserts are enabled.
Some people have argued for the Func interface to always validate data passed in via Func calls. I'm a bit nervous of doing this, because validation always takes some time, and continually repeating validation of data that should be validated at point-of-source (in this case, the plugin) will bleed performance.
I'll take a look at the plugin.
Later: the reason the data is tainted is the same problem we have been seeing elsewhere, that a s/// no longer untaints (I think since Perl 5.10?).
--
CrawfordCurrie - 10 Jun 2010
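An added example, not Foswiki or FindElsewherePlugin code, of the point-of-source validation described in the reply above: a plugin-side check that untaints a topic name through a regex capture, and a report of the taint flag left after a plain s///. The validate_topic_name helper and its simplified name pattern are assumptions, and the inputs are constructed.

```perl
# Run as: perl -T taint_demo.pl   (taint mode must be on)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run with perl -T so taint mode is enabled\n" unless ${^TAINT};

# Hypothetical validator with a simplified topic-name rule (assumption,
# not Foswiki's own pattern). Only a capture group from a successful
# match hands back untainted data, so validation and untainting happen
# in one step and anything that does not match is rejected outright.
sub validate_topic_name {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Z][A-Za-z0-9]*)\z/;
    return;
}

# Zero-length but tainted string: $^X is tainted under -T, and appending
# it taints a literal, standing in for text parsed out of a topic body.
my $TAINT = substr( $^X, 0, 0 );

# Constructed sample inputs.
for my $raw ( 'API', 'WebHome', '../../etc/passwd', 'Web Home' ) {
    my $input = $raw . $TAINT;

    # Cleanup by substitution alone: the value is altered, but nothing has
    # checked it against the expected shape. The script prints whether
    # this Perl still marks the result as tainted.
    ( my $stripped = $input ) =~ s/[^A-Za-z0-9]//g;

    my $valid = validate_topic_name($input);

    printf "%-20s raw tainted=%d  after s/// tainted=%d  validated=%s\n",
      "'$raw'",
      tainted($input)    ? 1 : 0,
      tainted($stripped) ? 1 : 0,
      defined $valid
      ? "'$valid' (tainted=" . ( tainted($valid) ? 1 : 0 ) . ")"
      : 'rejected';
}
```

Only the value returned by the validator would be handed on to a call such as Foswiki::Func::topicExists; a rejected name is dropped instead of being stripped and passed along.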
I improved the messages. Fixes to the plugin went in elsewhere.
--
CrawfordCurrie - 10 Jun 2010