Item11443: CommentPlugin throws an oops that asserts with a taint error

Priority: Normal
Current State: Closed
Released In: 1.2.0
Target Release: n/a
Applies To: Extension
Component: CommentPlugin
Branches: Release01x01 trunk
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
As a non-admin, attempt to target a missing topic in the System web or some other web without write access. The oops is thrown by CommentPlugin/Comment.pm line 228, but for some reason it ends up corrupted, resulting in an assert error.

$web and $topic were not validated and untainted. Maybe some issues in the throw syntax. Fixed.

-- GeorgeClark - 15 Jan 2012

Web is not validated to exist. Need to throw an error if the target web does not exist.

-- GeorgeClark - 15 Jan 2012

[Sun Jan 15 00:39:49 2012] rest: Assertion (topic is tainted) failed!
[Sun Jan 15 00:39:49 2012] rest:  at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sun Jan 15 00:39:49 2012] rest:    Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 378
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x8569a38)', 'web', 'System') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 125
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::Oops::oops('Foswiki=HASH(0x8569a38)', 'web', 'System', 'Foswiki::Request=HASH(0x85046d0)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 222
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8abf8a8)', 'Foswiki=HASH(0x8569a38)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 369
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::__ANON__('Foswiki::AccessControlException=HASH(0x8aec9e8)', 'SCALAR(0x8124b18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 339
[Sun Jan 15 00:39:49 2012] rest:    eval {...} called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 329
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::run_clauses('HASH(0x8569758)', 'Foswiki::AccessControlException=HASH(0x8aec9e8)', undef, 'ARRAY(0x8124ef8)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 426
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29
[Sun Jan 15 00:39:49 2012] rest:  at /var/www/foswiki/trunk/core/lib/Assert.pm line 80
[Sun Jan 15 00:39:49 2012] rest:    Assert::ASSERT(undef, 'topic is tainted') called at /var/www/foswiki/trunk/core/lib/Foswiki/Meta.pm line 378
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Meta::new('Foswiki::Meta', 'Foswiki=HASH(0x8569a38)', 'web', 'System') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI/Oops.pm line 125
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::Oops::oops('Foswiki=HASH(0x8569a38)', 'web', 'System', 'Foswiki::Request=HASH(0x85046d0)', 0) called at /var/www/foswiki/trunk/core/lib/Foswiki/OopsException.pm line 222
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::OopsException::generate('Foswiki::OopsException=HASH(0x8abf8a8)', 'Foswiki=HASH(0x8569a38)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 369
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::__ANON__('Foswiki::AccessControlException=HASH(0x8aec9e8)', 'SCALAR(0x8124b18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 339
[Sun Jan 15 00:39:49 2012] rest:    eval {...} called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 329
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::run_clauses('HASH(0x8569758)', 'Foswiki::AccessControlException=HASH(0x8aec9e8)', undef, 'ARRAY(0x8124ef8)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 426
[Sun Jan 15 00:39:49 2012] rest:    Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
[Sun Jan 15 00:39:49 2012] rest:    Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29.
 at /usr/lib/perl5/vendor_perl/5.12.2/CGI/Carp.pm line 379
   CGI::Carp::realdie('[Sun Jan 15 00:39:49 2012] rest: Assertion (topic is tainted)...') called at /usr/lib/perl5/vendor_perl/5.12.2/CGI/Carp.pm line 475
   CGI::Carp::die('Error::Simple=HASH(0x8aece18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 184
   Error::throw('Error::Simple=HASH(0x8aece18)') called at /usr/lib/perl5/vendor_perl/5.12.2/Error.pm line 436
   Error::subs::try('CODE(0x804e338)', 'HASH(0x8569758)') called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 435
   Foswiki::UI::_execute('Foswiki::Request=HASH(0x85046d0)', 'CODE(0x8504440)', 'rest', 1) called at /var/www/foswiki/trunk/core/lib/Foswiki/UI.pm line 274
   Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x85046d0)') called at /var/www/foswiki/trunk/core/lib/Foswiki/Engine/CGI.pm line 41
   Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x81ff738)') called at rest line 29

Debug print in Oops shows that the parameters have been shifted somehow - $web is "web" and $topic is "System", but I have been unable to figure out where it happens.

With asserts disabled, the oops display shows the incorrect information:

Access Denied

Attention

Access check on web.System failed. Action "CHANGE": topic.

-- GeorgeClark - 15 Jan 2012
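The two comments above describe a parameter shift inside the thrown exception and an unvalidated, tainted $web/$topic. The script below is an added example, not Foswiki or CommentPlugin code, that reproduces both mechanisms in isolation: a stand-in exception class with an assumed positional field order (mode, user, web, topic, reason), and a simplified allow-list validator that doubles as the untaint step (the regexes and the set of "known" webs are constructed for the demo and are not Foswiki's own validateWebName or store lookup). Run it as `perl -T demo.pl`; without -T the taint flags simply read 0.

```perl
#!/usr/bin/perl
# Added example (not Foswiki code). Run with: perl -T demo.pl
# Shows (1) how key => value pairs fed to a positional constructor shift
# every field by one, and (2) how to validate and untaint web/topic names
# before they reach code guarded by ASSERT(!tainted).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Stand-in for an access-control exception with a positional constructor.
# Field order is an assumption for this demo: mode, user, web, topic, reason.
package DemoAccessException;
sub new {
    my ( $class, $mode, $user, $web, $topic, $reason ) = @_;
    return bless {
        mode  => $mode,  user  => $user, web => $web,
        topic => $topic, reason => $reason,
    }, $class;
}
sub message {
    my $self = shift;
    return sprintf 'Access check on %s.%s failed. Action "%s": %s.',
        $self->{web}, $self->{topic}, $self->{mode}, $self->{reason};
}

package main;

# Constructed input standing in for CGI parameters. Under -T, %ENV is
# tainted, and concatenating a zero-length slice of a tainted string
# taints the result, so $web and $topic behave like request parameters.
my $taint = substr( $ENV{PATH} // '', 0, 0 );
my $web   = 'System' . $taint;
my $topic = 'NoSuchTopic' . $taint;
my $user  = 'WikiGuest';

# 1. Wrong: named pairs into a positional constructor. The *keys* land in
#    the web and reason slots, $web lands in the topic slot, $topic is lost.
my $bad = DemoAccessException->new( 'CHANGE', $user, web => $web, topic => $topic );
print "shifted : ", $bad->message, "\n";

# 2. Right: positional values in the order the constructor expects.
my $good = DemoAccessException->new( 'CHANGE', $user, $web, $topic,
    'access not allowed on topic' );
print "correct : ", $good->message, "\n";

# 3. Validate *and* untaint. Only a regex capture clears Perl's taint flag,
#    so the allow-list pattern is the validator. Patterns are simplified
#    assumptions, not Foswiki's own web/topic name rules.
sub untaint_web_name {
    my ($name) = @_;
    return ( $name =~ m{^([A-Za-z][A-Za-z0-9_]*(?:/[A-Za-z][A-Za-z0-9_]*)*)$} )
        ? $1 : undef;
}
sub untaint_topic_name {
    my ($name) = @_;
    return ( $name =~ /^([A-Za-z0-9_]+)$/ ) ? $1 : undef;
}

printf "before  : web tainted=%d topic tainted=%d\n",
    ( tainted($web) ? 1 : 0 ), ( tainted($topic) ? 1 : 0 );
my $clean_web   = untaint_web_name($web)     // die "invalid web name\n";
my $clean_topic = untaint_topic_name($topic) // die "invalid topic name\n";
printf "after   : web tainted=%d topic tainted=%d\n",
    ( tainted($clean_web) ? 1 : 0 ), ( tainted($clean_topic) ? 1 : 0 );

# 4. Existence check comes after untainting. A constructed set of webs
#    stands in for a lookup against the store.
my %known_webs = map { $_ => 1 } qw(Main System Sandbox);
die "web '$clean_web' does not exist\n" unless $known_webs{$clean_web};
print "ok      : $clean_web.$clean_topic is validated, untainted and exists\n";
```

The first line printed by the "shifted" call is the same 'web.System' / 'Action "CHANGE": topic' text quoted in the ticket, because the string keys are consumed as the web and reason fields. The order of the remaining steps matters: untainting first means a later existence check operates on a value that has already passed the allow-list, so a bogus web name fails closed at the validator rather than reaching an assertion deep in the oops path.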

Topic revision: r10 - 14 Oct 2012, GeorgeClark - This page was cached on 25 May 2016 - 11:15.
