• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

I did a manual upgrade of TWiki from Cairo to Dakar. Part of it was to create an empty lib/LocalSite.cfg with just an 1; in it. Running and configuring TWiki with configure looked OK. However, when running view I get a server error. Running view from the shell:

./view
Unmatched [ in regex; marked by <-- HERE in m/(?-xism:[ <-- HERE \s\*?~^\$@%`/ at /var/www/vhosts/structuredwikis.com/twiki/lib/TWiki.pm line 1226.

The line in question is indicated by >>>:

    # All roads lead to WebHome
    $topic = $TWiki::cfg{HomeTopicName} if ( $topic =~ /\.\./ );
>>> $topic =~ s/$TWiki::cfg{NameFilter}//go;
    $topic = $TWiki::cfg{HomeTopicName} unless $topic;
    $this->{topicName} = TWiki::Sandbox::untaintUnchecked( $topic );

This is on Linux 2.4.21-27.ELsmp, Perl v5.8.0

I am the third person reporting this issue, see TWiki:Support.UnmatchedBracketInRegexAfterInstallation.

LocalSite.cfg has this:

$TWiki::cfg{NameFilter} = '(?-xism:[\s\*?~^\$@%`';

If I manually remove this line and re-run configure, I get a this value in the {NameFilter} field: (?-xism:[\s\*?~^\$@%`, and this immediately following the field: <>\x00-\x1f])" size="55%" />.

It looks like configure does not do entity encoding for form fields.

If I run configure and set this: [\s\*?~^\$@%`'&;|<>\x00-\x1f] (without the double quote) everything works fine. But this is probably a security issue.

-- PTh

Also reported by TWiki:Main.JohnTalintyre in Item1612

-- PTh

How nostalgic, I remember this as one of the first bugs I ever reported, back in TWiki:Codev.UpgradeTWikiAltersSecurityFilterVariable. Still don't have a clue on how to fix it, though smile

-- SP

You are going to have to help me out here; I cannot reproduce this. As far as I can determine, this was fixed in SVN 7564 i.e. months ago. I have tried adding every known character to the Name Filter in configure, and it works perfectly. The only way I can find to break it is to manually edit the Name Filter and turn it into an invalid RE - in which case it iis reasonable that it should fail. I am trying to reproduce it using the DEVELOP codebase, but nothing has changed in that area so it should be the same as the 4.0.0 code.

Ah; a thought occurs; could this be to do with the perl version?

CC

No feedback, so I'm assuming this is no longer a problem. Discarded.

CC

Please do not close an urgent bug that has been reported by several people.

-- PTh

I stated clearly that I cannot reproduce this, and asked for help to reproduce it. That help has not been forthcoming despite this bug sitting open for over 2 weeks. Please demonstrate how to reproduce this problem, or I will discard the report again in 2 weeks.

CC

This afternoon I encountered this same problem on a Linux Redhat 8, Perl 5.8, after a fresh checkout from today's DEVELOP. Permissions were right, httpd.conf set, configure almost without warnings (except that the log files with %DATE% variables could not be written). Then on hitting view we got this error.

We changed the namefilter string in LocalSite.cfg, and that worked until just before going home I did a small change to configure, and the site went down again. More info tomorrow, hopefully.

AC

Please delete the NameFilter setting from LocalSite.cfg, and start configure again.

  1. When you open configure, what is the setting of NameFilter visible in the browser?
  2. When you save from configure again, does the error reappear?
What version of CGI? Have you ever configured TWiki on this server before?

CC

See attached screenshot. The input field gets corrupted.

<input type="text" name="{NameFilter}" value="(?-xism:[\s\*?~^\$@%`"'&;|<>\x00-\x1f])" size="55%" />

This would work better:

<input type="text" name="{NameFilter}" value="(?-xism:[\s\*?~^\$@%`&quot;'&;|&lt;&gt;\x00-\x1f])" size="55%" />

If I am correct, line 55:

if ($value =~ /^\(\?-xism:(.*)\)$/) {
.* needs to be html-encoded.

-- AC

CDot's fix for configure (from IRC):

sub _PROMPT_FOR_REGEX {
    my( $id, $opts, $value, $keys ) = @_;
    $value =~ s/[[\x01-\x09\x0b\x0c\x0e-\x1f"%&'*<=>@[_\|]/'&#'.ord($&).';'/ge;
    return '<input name="'.$id.'" type="text" size="55%" value="'.$value.'" />';
}

SVN 9160.

AC

Excellent - very happy to see this one out of the way smile

-- SP

Many, many thanks to Arthur for providing the information needed to debug this. It is a bug in CGI.pm, and a nasty one; it is probably responsible for the quotes-in-formfields bug as well.

SVN 9162 is the TWIKI4 checkin.

CC

Closed with release of 4.0.2

KJL

ItemTemplate
Summary Configure script corrupts NameFilter (Unmatched Bracket in Regex)
ReportedBy TWiki:Main.PeterThoeny
Codebase 4.0.4
SVN Range Thu, 02 Feb 2006 build 8675
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins 9160 9162
TargetRelease patch
Topic attachments
I Attachment History Action Size Date Who Comment
PNGpng namefilter_field.png r1 manage 17.5 K 2006-03-10 - 10:02 ArthurClemens  
Edit | Attach | Watch | Print version | History: r18 < r17 < r16 < r15 < r14 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r18 - 2006-07-21 - BenJWheeler
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback