This question about Installation of Foswiki, Configuration: Answered

Fetching the value or values of a single named parameter

Trying to install and configure a new Foswiki site. Issue appears to be related to the version of a Perl module (possibly multiple). My guess is CGI, but I'm not absolutely sure or convinced that's correct.

I can load the /bin/configure script which does not appears to have any issues on load (everything renders fine). But when I try to Save changes the following error is thrown:

Software error:

CGI::param called in list context from package Foswiki::Configure::UIs::AUTH line 44, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/local/perl5/perlbrew/perls/perl-5.20.1/lib/site_perl/5.20.1/CGI.pm line 437.

The OS is RHEL 5.9, using Perl 5.20.1 installed local to /usr/local/perl5. All the latest version of the required Perl modules have been installed to this same location (so the required modules load correctly).

The version for the Perl CGI module is: 4.11

The site is running under Apache 2.4.10 also installed local to /usr/local/httpd

I'm trying to understand the issue I'm having installing/configuring this new Foswiki site, and what options I have to resolve this. My initial guess is that I'm using newer versions of Perl modules that have changes which are causing issues. I guess if that is true then I don't see what option I have to resolve this, seeing as I've already tried to downgrade CGI without success. So is it one specific Perl module (believing what is reported in the error message) or is it multiple. If there is a patch for Foswiki then that might be an option which fixes Foswiki to handle the newest versions of Perl and specific Perl modules.

In reviewing the requirements for Foswiki, Perl and Perl modules, from what I can tell only a minimum version is listed for Perl and any modules. So my take on that is that the newest should be okay; but I can understand how it could break at some point in the future (given no-one knows future changes for any third-party software).

Has anyone else seen this issue (and hopefully resolved it).

I found something on TWiki, but I could not successfully synthesize the contents to try and solve my problem (there were enough subtle differences that it wasn't a direct correlation). Here's a link to the TWiki article.

-- RobLeach - 05 Dec 2014

Doing a little more research I downloaded the Foswiki 1.1.9 VM images and took a look at the version of Perl and the Perl CGI module it uses which is Perl 5.14.2 and CGI 3.52 which I was not able to locate on CPAN.

-- RobLeach - 05 Dec 2014

Patch for foswiki. Copy the below to a file in the foswiki root named "patchCGI" and apply it using patch -p2 < patchCGI

diff --git a/core/bin/configure b/core/bin/configure
index 3be5c2e..34b5c73 100755
--- a/core/bin/configure
+++ b/core/bin/configure
@@ -274,6 +274,7 @@ my ( %cfg, $defaultCfg );
 
 # Declared in Foswiki to support checkers
 our $query = new CGI;
+$CGI::LIST_CONTEXT_WARN = 0;
 
 # 'constants' used in Foswiki.spec
 my $TRUE  = 1;
diff --git a/core/lib/Foswiki/Engine/CGI.pm b/core/lib/Foswiki/Engine/CGI.pm
index 701fe01..9005326 100644
--- a/core/lib/Foswiki/Engine/CGI.pm
+++ b/core/lib/Foswiki/Engine/CGI.pm
@@ -22,6 +22,8 @@ use Assert;
 use Foswiki::Request         ();
 use Foswiki::Request::Upload ();
 use Foswiki::Response        ();
+$CGI::LIST_CONTEXT_WARN = 0;
+
 
 # ****
 # CGI.pm has a private class called CGITempFile which is used to hold

-- GeorgeClark - 05 Dec 2014

I applied your patch, but no change (exact same error). Remember the message is coming from the configure script when trying to Save changes after making site specific changes. Does the configure script even use the Foswiki engine?

-- RobLeach - 05 Dec 2014

Some further information....

I scrapped the installation I was debugging. Installed Perl 5.14.4 which is the latest 5.14 release. I did not install any additional Perl modules unless required when running the /bin/configure script.

So I ended up installing:
  • CGI.pm-3.52
  • HTML-Parser-3.71
  • HTML-Tree-3.23
  • Locale-Maketext-1.26
  • libwww-perl-5.837

I was able to successfully save the configuration change I made for my local site. I'm going to experiment to see which module/s and which version/s cause the error.

-- RobLeach - 05 Dec 2014

The CGI issue is a known issue. Sorry, I missed the point that it was in configure. You are correct, in Foswiki 1.1.9, configure does not use the foswiki engine. It sounds like you are on your way. We are working on the CGI issue for the upcoming 1.2 foswiki.

-- GeorgeClark - 06 Dec 2014

Patch above is revised to cover both configure and the core engine

-- GeorgeClark - 06 Dec 2014

The revised patch worked. Thanks, I appreciate the help....

-- RobLeach - 08 Dec 2014
 

QuestionForm edit

Subject Installation of Foswiki, Configuration
Extension
Version Foswiki 1.1.9
Status Answered
Related Topics
Topic revision: r8 - 08 Dec 2014, RobLeach
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy