cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item10803 (17 Dec 2011, GeorgeClark)Edit Attach

Item10803: CompareRevisionsAddOn causes illegal {SwitchBoard} value in Foswiki configuration (affects ApacheLogin users)

pencil
Priority: Urgent
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Extension
Component: CompareRevisionsAddOn
Branches:
Reported By: PaulHarvey
Waiting For: PaulHarvey
Last Change By: GeorgeClark
On a fresh checkout, a full run through configure will eventually produce an illegal value for {SwitchBoard}{compareauth} (this script is used in ApacheLogin configurations to authenticate access to the compare script):
You are about to update 1 setting
{SwitchBoard}{compareauth}   HASH(0x163e2f8)

The lib/Foswiki/Contrib/CompareRevisionsAddOn/Config.spec file is wrong; the {SwitchBoard}{compareauth} entry is missing its type information, so Foswiki's configure UI treats the value is a string (instead of a hash).

So the Config.spec should look like this:
# ---+ Extensions
# ---++ CompareRevisionsAddOn
# **PERL**
# This setting is required to enable executing the compare script from the bin directory
$Foswiki::cfg{SwitchBoard}{compare} = {
    package  => 'Foswiki::Contrib::CompareRevisionsAddOn::Compare',
    function => 'compare',
    context  => {
        diff      => 1,
        comparing => 1
    }
};
# **PERL**
# This setting is required when using ApacheLogin and the user needs to be authenticated when executing the compare script
$Foswiki::cfg{SwitchBoard}{compareauth} = {
    package  => 'Foswiki::Contrib::CompareRevisionsAddOn::Compare',
    function => 'compare',
    context  => {
        diff      => 1,
        comparing => 1
    }
};
1;

The problem now, is that we have shipped a broken Config.spec in the last couple of releases of CompareRevisionsAddOn (incl. the version shipped in Foswiki 1.1.3), and simply fixing the Config.spec isn't enough.

So I've add a Configure checker that will flag an error in the configure UI if the switchboard entry is invalid, with instructions to copy-paste the value from {SwitchBoard}{compare} above.

-- PaulHarvey - 28 May 2011

Although this is a terrible mistake on my part, this switchboard entry is only used when:
  • You are using ApacheLogin
  • You are not authenticated
  • The topic denies access to WikiGuest
  • You directly access an /bin/compare or /bin/compareauth URL

-- PaulHarvey - 28 May 2011
 

ItemTemplate edit

Summary CompareRevisionsAddOn causes illegal {SwitchBoard} value in Foswiki configuration (affects ApacheLogin users)
ReportedBy PaulHarvey
Codebase 1.1.3, trunk
SVN Range
AppliesTo Extension
Component CompareRevisionsAddOn
Priority Urgent
CurrentState Closed
WaitingFor PaulHarvey
Checkins distro:03f420b69aad distro:097908a7d956 distro:bdbf15693bb0 distro:1445d46089e5
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r7 - 17 Dec 2011, GeorgeClark - This page was cached on 27 May 2018 - 06:21.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy