 |
|
Item13363: EditRowPlugin: Insecure dependency in eval while running with -T switch
Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component:
Branches: master
Component:
Branches: master
| 2015-04-09T09:13:38Z warning | Insecure dependency in eval while running with -T switch at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Table.pm line 468.
at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Table.pm line 468.
Foswiki::Plugins::EditRowPlugin::Table::getEditor('HASH(0x697d9e8)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableCell.pm line 59
Foswiki::Plugins::EditRowPlugin::TableCell::render('Foswiki::Plugins::EditRowPlugin::TableCell=HASH(0x697df40)', 'HASH(0x691a7d8)', 'HASH(0x691a9e8)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableRow.pm line 172
Foswiki::Plugins::EditRowPlugin::TableRow::render('Foswiki::Plugins::EditRowPlugin::TableRow=HASH(0x697b4b0)', 'HASH(0x691a7d8)', 'HASH(0x691a9e8)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Table.pm line 297
Foswiki::Plugins::EditRowPlugin::Table::render('Foswiki::Plugins::EditRowPlugin::Table=HASH(0x697d8e0)', 'HASH(0x1e76ba0)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/View.pm line 205
Foswiki::Plugins::EditRowPlugin::View::process('...\x{a}\x{a}de-DE\x{a}de\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&l...', 'Main', 'AdminUser', 'Foswiki::Meta=HASH(0x48ea110)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin.pm line 86
Foswiki::Plugins::EditRowPlugin::commonTagsHandler('...\x{a}\x{a}de-DE\x{a}de\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&l...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x48ea110)') called at /var/www/foswiki/lib/Foswiki/Plugin.pm line 294
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x3d04578)', 'commonTagsHandler', '...\x{a}\x{a}de-DE\x{a}de\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&l...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x48ea110)') called at /var/www/foswiki/lib/Foswiki/Plugins.pm line 341
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x2562f68)', 'commonTagsHandler', '...\x{a}\x{a}de-DE\x{a}de\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&l...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x48ea110)') called at /var/www/foswiki/lib/Foswiki.pm line 3347
Foswiki::expandMacros('Foswiki=HASH(0x2518eb0)', '%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}<pre><sticky...', 'Foswiki::Meta=HASH(0x48ea110)') called at /var/www/foswiki/lib/Foswiki/Meta.pm line 3103
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x48ea110)', '%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}<pre><sticky...') called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 412
Foswiki::UI::View::_prepare('%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}<pre><sticky...', 'Foswiki::Meta=HASH(0x48ea110)', 0) called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 392
Foswiki::UI::View::view('Foswiki=HASH(0x2518eb0)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 316
Foswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x17c71f8)', 'HASH(0x2518a90)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 435
Foswiki::UI::_execute('Foswiki::Request=HASH(0x24badb0)', 'CODE(0x1b5bda8)', 'view', 1) called at /var/www/foswiki/lib/Foswiki/UI.pm line 274
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x24badb0)') called at /var/www/foswiki/lib/Foswiki/Engine/CGI.pm line 74
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x1c9d208)') called at /var/www/foswiki/bin/view line 24.
After removing the -T switch from /bin/view it works.
-- BertoldAltaner - 09 Apr 2015
Only visible on 1.1.9, which doesn't handle tainted data very well.
Fixed in 3.31
-- Main.CrawfordCurrie - 11 Apr 2015 - 06:21
-- BertoldAltaner - 12 Apr 2015
Hi,
ok - this version fixes my tainted problem - but now I get the Foswiki::Plugins::editRowPlugin::html problem only when I use the textarea format like in:
This example doesn't work correct on foswiki.org! Please click on the edit button! (I think...)
2015-04-12T09:54:01Z warning | Undefined subroutine &Foswiki::Plugins::editRowPlugin::html called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm line 30.
at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm line 30.
Foswiki::Plugins::EditRowPlugin::Editor::textarea::htmlEditor('Foswiki::Plugins::EditRowPlugin::Editor::textarea=HASH(0x5c36...', 'Foswiki::Plugins::EditRowPlugin::TableCell=HASH(0x5c1a9d8)', 'HASH(0x5be1070)', 'Foswiki::Plugins::EditRowPlugin::TableRow=HASH(0x5c170d0)', 07.04.2015) called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableCell.pm line 64
Foswiki::Plugins::EditRowPlugin::TableCell::render('Foswiki::Plugins::EditRowPlugin::TableCell=HASH(0x5c1a9d8)', 'HASH(0x5be3828)', 'HASH(0x5b67d58)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableRow.pm line 172
Foswiki::Plugins::EditRowPlugin::TableRow::render('Foswiki::Plugins::EditRowPlugin::TableRow=HASH(0x5c170d0)', 'HASH(0x5be3828)', 'HASH(0x5b67d58)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Table.pm line 283
Foswiki::Plugins::EditRowPlugin::Table::render('Foswiki::Plugins::EditRowPlugin::Table=HASH(0x5be0f08)', 'HASH(0x5bd5c38)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/View.pm line 187
Foswiki::Plugins::EditRowPlugin::View::process('...\x{a}\x{a}de-DE\x{a}de\x{a}\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&...', 'Main', 'AdminUser', 'Foswiki::Meta=HASH(0x26faf40)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin.pm line 86
Foswiki::Plugins::EditRowPlugin::commonTagsHandler('...\x{a}\x{a}de-DE\x{a}de\x{a}\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x26faf40)') called at /var/www/foswiki/lib/Foswiki/Plugin.pm line 294
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x2f557e8)', 'commonTagsHandler', '...\x{a}\x{a}de-DE\x{a}de\x{a}\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x26faf40)') called at /var/www/foswiki/lib/Foswiki/Plugins.pm line 341
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x17a7098)', 'commonTagsHandler', '...\x{a}\x{a}de-DE\x{a}de\x{a}\x{a}<pre><sticky>\x{e2}\x{99}\x{80}</sticky></pre>\x{a}\x{a}&...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x26faf40)') called at /var/www/foswiki/lib/Foswiki.pm line 3347
Foswiki::expandMacros('Foswiki=HASH(0xb1f278)', '%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}\x{a}<pre><stick...', 'Foswiki::Meta=HASH(0x26faf40)') called at /var/www/foswiki/lib/Foswiki/Meta.pm line 3103
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x26faf40)', '%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}\x{a}<pre><stick...') called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 412
Foswiki::UI::View::_prepare('%NATWEBLOGO{format="..."}%\x{a}\x{a}%LANG%\x{a}%LANGUAGE%\x{a}\x{a}<pre><stick...', 'Foswiki::Meta=HASH(0x26faf40)', 0) called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 392
Foswiki::UI::View::view('Foswiki=HASH(0xb1f278)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 316
Foswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0xa0d2d8)', 'HASH(0x175b3c0)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 435
Foswiki::UI::_execute('Foswiki::Request=HASH(0x1701020)', 'CODE(0x169e310)', 'view', 1) called at /var/www/foswiki/lib/Foswiki/UI.pm line 274
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x1701020)') called at /var/www/foswiki/lib/Foswiki/Engine/CGI.pm line 74
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0xeb62b8)') called at /var/www/foswiki/bin/view line 24.
-- BertoldAltaner - 12 Apr 2015
Hi,
I have installed an new fresh foswiki1.2.0-beta1 on a different server. With
I get following error:
| 2015-04-13T18:11:39+02:00 warning | Undefined subroutine &Foswiki::Plugins::editRowPlugin::html called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm line 30.
at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm line 30.
Foswiki::Plugins::EditRowPlugin::Editor::textarea::htmlEditor('Foswiki::Plugins::EditRowPlugin::Editor::textarea=HASH(0x4759...', 'Foswiki::Plugins::EditRowPlugin::TableCell=HASH(0x473e540)', 'HASH(0x4a75730)', 'Foswiki::Plugins::EditRowPlugin::TableRow=HASH(0x473e270)', 'Short, with sightly concave upper surface, and devilish nuts') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableCell.pm line 64
Foswiki::Plugins::EditRowPlugin::TableCell::render('Foswiki::Plugins::EditRowPlugin::TableCell=HASH(0x473e540)', 'HASH(0x4759c88)', 'HASH(0x4a094e8)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/TableRow.pm line 172
Foswiki::Plugins::EditRowPlugin::TableRow::render('Foswiki::Plugins::EditRowPlugin::TableRow=HASH(0x473e270)', 'HASH(0x4759c88)', 'HASH(0x4a094e8)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/Table.pm line 282
Foswiki::Plugins::EditRowPlugin::Table::render('Foswiki::Plugins::EditRowPlugin::Table=HASH(0x4a755c8)', 'HASH(0x4a79ec0)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin/View.pm line 187
Foswiki::Plugins::EditRowPlugin::View::process('---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'Main', 'AdminUser', 'Foswiki::Meta=HASH(0x40a00d0)') called at /var/www/foswiki/lib/Foswiki/Plugins/EditRowPlugin.pm line 86
Foswiki::Plugins::EditRowPlugin::commonTagsHandler('---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x40a00d0)') called at /var/www/foswiki/lib/Foswiki/Plugin.pm line 312
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x320eae0)', 'commonTagsHandler', '---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x40a00d0)') called at /var/www/foswiki/lib/Foswiki/Plugins.pm line 380
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x2915508)', 'commonTagsHandler', '---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'AdminUser', 'Main', 0, 'Foswiki::Meta=HASH(0x40a00d0)') called at /var/www/foswiki/lib/Foswiki.pm line 3698
Foswiki::expandMacros('Foswiki=HASH(0x2915310)', '---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'Foswiki::Meta=HASH(0x40a00d0)') called at /var/www/foswiki/lib/Foswiki/Meta.pm line 3351
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x40a00d0)', '---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...') called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 522
Foswiki::UI::View::_prepare('---+ Wiki Administrator User\x{a}%EDITTABLE{ format="&vbar; label,12 &vbar;...', 'Foswiki::Meta=HASH(0x40a00d0)', 0) called at /var/www/foswiki/lib/Foswiki/UI/View.pm line 502
Foswiki::UI::View::view('Foswiki=HASH(0x2915310)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 374
Foswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x2292fa0)', 'HASH(0x31e3fc8)') called at /var/www/foswiki/lib/Foswiki/UI.pm line 500
Foswiki::UI::_execute('Foswiki::Request=HASH(0x3172a28)', 'CODE(0x3144698)', 'view', 1) called at /var/www/foswiki/lib/Foswiki/UI.pm line 326
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x3172a28)') called at /var/www/foswiki/lib/Foswiki/Engine/CGI.pm line 98
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x2929af8)') called at /var/www/foswiki/bin/view line 29.
-- BertoldAltaner - 13 Apr 2015
Please try the following fix to the plugin. Replace line 30 with the call to Foswiki::Render.
diff --git a/EditRowPlugin/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm b/EditRowPlugin/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm
index 6afb1cb..d2f5015 100644
--- a/EditRowPlugin/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm
+++ b/EditRowPlugin/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm
@@ -27,7 +27,7 @@ sub htmlEditor {
$tmptext =~ s#<br( /)?>#\r\n#gi;
$tmptext =~ s/%BR%/\r\n/gi;
- return Foswiki::Plugins::editRowPlugin::html(
+ return Foswiki::Render::html(
'textarea',
{
class => 'erpJS_input',
-- GeorgeClark - 13 Apr 2015
Hi,
thanks - that works for me with version 1.2.0-beta1. It seems I have to switch as soon as possible to 1.2
-- BertoldAltaner - 13 Apr 2015
Thus, you confirm that EditRowPlugin is broken for FW1.1.9 ??
I recently did update of various plugins under FW1.1.9, and "Undefined subroutine &Foswiki::Plugins::editRowPlugin::html" is one of the appeared problems.
-- ValentinKozlov - 04 May 2015
What seems to solve "editRowPlugin::html" problem is to change in yourFoswikiPath/lib/Foswiki/Plugins/EditRowPlugin/Editor/textarea.pm
return Foswiki::Plugins::editRowPlugin::html( 'textarea',
to
return CGI::textarea(
-- ValentinKozlov - 04 May 2015
ItemTemplate edit
| Summary | EditRowPlugin: Insecure dependency in eval while running with -T switch |
| ReportedBy | BertoldAltaner |
| Codebase | 1.1.9 |
| SVN Range | |
| AppliesTo | Extension |
| Component | |
| Priority | Normal |
| CurrentState | Closed |
| WaitingFor | |
| Checkins | distro:285ca8805c42 |
| TargetRelease | n/a |
| ReleasedIn | n/a |
| CheckinsOnBranches | master |
| trunkCheckins | |
| masterCheckins | distro:285ca8805c42 |
| ItemBranchCheckins | |
| Release01x01Checkins |
Edit | Attach | Print version | History: r9 < r8 < r7 < r6 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r9 - 04 May 2015, ValentinKozlov
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy