You are here: Foswiki>Tasks Web>Item11473 (28 Feb 2012, GeorgeClark)Edit Attach

Item11473: Author is shown as UnknownUser on topics where .txt has been mauled by an external process

pencil
Priority: Urgent
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component:
Branches:
Reported By: KennethLavrsen
Waiting For:
Last Change By: GeorgeClark
Between 1.1.3 and 1.1.4 someone have changed the user mapping code so people not present in WikiUsers (not registered but authenticated) are displayed as UnknownUser

They are supposed to be displayed with their login name (cUID) as it is stored in the topic UNLESS the $Foswiki::cfg{RenderLoggedInButUnknownUsers} is false (which is the default)

This is a serious security issue because it basically means that half of my users appear to be able to edit pages anonymously. So serious that I am now reverting back to 1.1.3

We need this fixed very quickly and a patch made available on the download page.

-- KennethLavrsen - 25 Jan 2012

As Paul pointed out on IRC, this is most certainly NOT what's happening, but more Item11091 which forces you to touch the ,v files after playing around with the .txt.

-- OlivierRaginel - 25 Jan 2012

After some discussion on IRC, I think this might be the result of Item11091 which cleans up TOPICINFO on mauled .txt files; see distro:5a79947c9bfd

-- PaulHarvey - 25 Jan 2012

This is confirmed. It was because I had modified more than 1000 topics by search and replace to fix the consequences of another bug

-- KennethLavrsen - 25 Jan 2012

So can we close that one as No Action then?

-- OlivierRaginel - 25 Jan 2012

I have merged with Item11454, and updated that task to address the concerns raised here.

These concerns need to be in the same task because they have the same cause, and hopefully the same fix.

Also re-titled this bug to more accurately reflect the underlying problem.

-- PaulHarvey - 27 Jan 2012
 

ItemTemplate edit

Summary Author is shown as UnknownUser on topics where .txt has been mauled by an external process
ReportedBy KennethLavrsen
Codebase 1.1.4, 1.1.4 RC2, 1.1.4 RC1, 1.1.4 beta2, 1.1.4 beta1, trunk
SVN Range
AppliesTo Engine
Component
Priority Urgent
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
Release01x01Checkins
Topic revision: r7 - 28 Feb 2012, GeorgeClark - This page was cached on 23 Oct 2021 - 22:41.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy