Item13583: Login form populated with incorrect path info.

Priority: Urgent
Current State: Closed
Released In: 2.0.2
Target Release: patch
Applies To: Engine
Component: FoswikiRequestCache
Branches: master Item13525
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
-- GeorgeClark - 29 Jul 2015

From IRC:
(04:31:45 PM) gac410: jomo, my bet is we've got another utf8 error waiting here: https://github.com/foswiki/distro/blob/master/core/lib/Foswiki/Request/Cache.pm#L63
(04:32:46 PM) gac410: I'm guessing that it should be opened for utf8, unless the request is already encoded
(04:33:20 PM) jomo: hm never used the cache yet
(04:33:59 PM) gac410: It's used during certain redirects. Login required during an upload for eg.
(04:34:17 PM) gac410: This is not the page cache.
(04:34:28 PM) jomo: ah so...
(04:34:34 PM) jomo: wondering how to test
(04:35:36 PM) gac410: maybe get ready to attach a utf8 file to a utf8 topic, but delete your cgisess_ file. Then try upload. It should cache your request, authenticate, and then come back to the upload .... I think.
(04:36:01 PM) jomo: maybe not - Cdot decided NOT to decode ENV e.g. the PATH_INFO is still bytes (but I'm not sure)..
(04:36:29 PM) gac410: ah yeah.   probably safe then.
(04:36:59 PM) jomo: going to experiment
(04:40:35 PM) jomo: Do you have an incredibly good "nose"!!!
(04:40:37 PM) jomo: Attention
(04:40:37 PM) jomo: "Sandbox.ŽuŽu" topic does not exist
(04:40:51 PM) jomo: the topic is called as ŽuŽu
(04:42:12 PM) jomo: repo - create a unicode topicname, press attach, prepare the upload (fill all things), delete the cookies, press the attach button, -> redirect -> login -> error

-- GeorgeClark - 29 Jul 2015

After working on this for hours, I'm getting no closer. path_info is bytes, not characters, so it writes to the cache just fine. I don't think that's the issue. But somehow the topic name gets double-encoded on return from the login redirect.

I'm a bit concerned about processing of the path_info in Engine::CGI and other places. We do character / string manipulation of the path without first decoding it into characters. For ex. Engine::CGI looks for and truncates any quotes in the path.

-- GeorgeClark - 30 Jul 2015

Downgrading this to Normal... The redirect process during an upload works fine for a "strikeone" redirect. It's only the authentication redirect that breaks, and only when redirecting during an upload after the cookie has been invalidated. The corrupted path_name is worrying, but CDot pointed out that in this situation the session id changes, which will probably break things anyway.

Leaving it waiting for feedback.

-- GeorgeClark - 31 Jul 2015

I don't think this is anything to do with the cache. I think it's to do with whatever fills in the form in the login page; it looks like it's saving a URL with a UTF-8 path as bytes.

-- Main.CrawfordCurrie - 07 Sep 2015 - 13:26

Bumping this back to urgent. As of Sept. 7 release meeting, Crawford considers it a blocker.

-- GeorgeClark - 07 Sep 2015

Changed the summary from "Foswiki::Request::Cache fails to correctly cache/restore utf8 topic names" which is wrong.

The problem is that the PATH_INFO macro used (only) in the login form is expanded incorrectly to a byte string. It needs encoding.

Note that upload through a login still doesn't work, as it appears the temp file is deleted from the CGI cache. But that's a different problem.

-- Main.CrawfordCurrie - 08 Sep 2015 - 08:49
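
The failure mode discussed in this thread, a UTF-8 byte string that is treated as characters and encoded a second time on output, shown as an added Perl example (not Foswiki code and not written by the contributors above). The `render`, `expand_raw` and `expand_decoded` subs and the output layer they model are assumptions made for illustration; the sample path is constructed from the topic name in the IRC log.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode ();

# Constructed sample: PATH_INFO as raw UTF-8 bytes, using the topic name
# from the report (U+017D is the byte pair C5 BD in UTF-8).
my $path_info = "/Sandbox/\xC5\xBDu\xC5\xBDu";

# Hypothetical output layer (an assumption, not Foswiki's code): every
# string is treated as characters and UTF-8 encoded once on the way out.
sub render {
    my ($chars) = @_;
    return Encode::encode( 'UTF-8', $chars );
}

# Hypothetical macro expansion that inserts the byte string as if it were
# characters. Perl then reads each byte as a Latin-1 code point, so the
# output layer encodes the already-encoded bytes again.
sub expand_raw {
    my ($bytes) = @_;
    return render($bytes);
}

# Hypothetical corrected expansion: decode the bytes to characters first.
# FB_CROAK rejects malformed UTF-8 instead of passing it through, and
# LEAVE_SRC stops decode() from consuming the caller's buffer.
sub expand_decoded {
    my ($bytes) = @_;
    my $chars = Encode::decode( 'UTF-8', $bytes,
        Encode::FB_CROAK | Encode::LEAVE_SRC );
    return render($chars);
}

# Space-separated hex view of a byte string, for comparing the two results.
sub hex_dump { return join ' ', map { sprintf '%02X', ord } split //, $_[0] }

binmode STDOUT;    # write raw bytes, no extra encoding layer on the handle
for my $case ( [ raw => \&expand_raw ], [ decoded => \&expand_decoded ] ) {
    my ( $name, $fn ) = @$case;
    my $out = $fn->($path_info);
    printf "%-8s %s\n         %s\n", $name, $out, hex_dump($out);
}
```

Run in a UTF-8 terminal, the two hex dumps show where the extra bytes come from: the raw expansion turns each non-ASCII byte of the path into a two-byte sequence, while the decoded expansion returns the original bytes unchanged.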
 
Topic revision: r10 - 10 Oct 2015, GeorgeClark