New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item10803 (17 Dec 2011, GeorgeClark)Edit Attach

Item10803: CompareRevisionsAddOn causes illegal {SwitchBoard} value in Foswiki configuration (affects ApacheLogin users)

Priority: Urgent
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Extension
Component: CompareRevisionsAddOn
Reported By: PaulHarvey
Waiting For: PaulHarvey
Last Change By: GeorgeClark
On a fresh checkout, a full run through configure will eventually produce an illegal value for {SwitchBoard}{compareauth} (this script is used in ApacheLogin configurations to authenticate access to the compare script):
You are about to update 1 setting
{SwitchBoard}{compareauth}   HASH(0x163e2f8)

The lib/Foswiki/Contrib/CompareRevisionsAddOn/Config.spec file is wrong; the {SwitchBoard}{compareauth} entry is missing its type information, so Foswiki's configure UI treats the value is a string (instead of a hash).

So the Config.spec should look like this:
# ---+ Extensions
# ---++ CompareRevisionsAddOn
# **PERL**
# This setting is required to enable executing the compare script from the bin directory
$Foswiki::cfg{SwitchBoard}{compare} = {
    package  => 'Foswiki::Contrib::CompareRevisionsAddOn::Compare',
    function => 'compare',
    context  => {
        diff      => 1,
        comparing => 1
# **PERL**
# This setting is required when using ApacheLogin and the user needs to be authenticated when executing the compare script
$Foswiki::cfg{SwitchBoard}{compareauth} = {
    package  => 'Foswiki::Contrib::CompareRevisionsAddOn::Compare',
    function => 'compare',
    context  => {
        diff      => 1,
        comparing => 1

The problem now, is that we have shipped a broken Config.spec in the last couple of releases of CompareRevisionsAddOn (incl. the version shipped in Foswiki 1.1.3), and simply fixing the Config.spec isn't enough.

So I've add a Configure checker that will flag an error in the configure UI if the switchboard entry is invalid, with instructions to copy-paste the value from {SwitchBoard}{compare} above.

-- PaulHarvey - 28 May 2011

Although this is a terrible mistake on my part, this switchboard entry is only used when:
  • You are using ApacheLogin
  • You are not authenticated
  • The topic denies access to WikiGuest
  • You directly access an /bin/compare or /bin/compareauth URL

-- PaulHarvey - 28 May 2011

ItemTemplate edit

Summary CompareRevisionsAddOn causes illegal {SwitchBoard} value in Foswiki configuration (affects ApacheLogin users)
ReportedBy PaulHarvey
Codebase 1.1.3, trunk
SVN Range
AppliesTo Extension
Component CompareRevisionsAddOn
Priority Urgent
CurrentState Closed
WaitingFor PaulHarvey
Checkins distro:03f420b69aad distro:097908a7d956 distro:bdbf15693bb0 distro:1445d46089e5
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r7 - 17 Dec 2011, GeorgeClark - This page was cached on 16 Jun 2018 - 12:00.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy