Item1787: Web and Topic parsing not sensitive to REST urls

pencil
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Extension
Component:
Branches:
Reported By: PhilippHoppen
Waiting For:
Last Change By: CrawfordCurrie
A plugin that uses REST will send request urls like foswiki/bin/rest/SkillsPlugin/getCategories. The code in Foswiki.pm will wrongly parse from this a web name of SkillsPlugin:

       if ( $pathInfo =~ m#^/(.*)[./](.*?)$# ) {
   
           # is '/Webname/SomeTopic' or '/Webname'
           # implicit untaint OK - validated later
           $web   = $1 unless $web;
           $topic = $2 unless $topic;
           $web =~ s/\./\//g;
       }
       elsif ( $pathInfo =~ m#^/(.*?)$# ) {
   
           # is 'bin/script/Webname' or 'bin/script/'
           # implicit untaint OK - validated later
           $web = $1 unless $web;
       }

Plugins that rely on a correct web name (like XpTrackerPlugin) will not work properly. As a workaround i check the following condition before executing the above code:

    if ($url !~ m/bin\/rest/) {
     ...
     }

-- PhilippHoppen - 02 Jul 2009

According to CommandAndCGIScripts#rest there is no web- or topicname in the path fragment of the url. If you want to set a web- and topicname, you have to pass them through the topic parameter.

-- OliverKrueger - 02 Jul 2009

According to this link, if the topic parameter is not specified Main.WebHome is passed to the plugins. But this is not true, at least initPlugin() receives a web name that was parsed from the url.

-- PhilippHoppen - 03 Jul 2009

I think, that's a problem with the SkillsPlugin. Crawling through the code I can see, that the topic parameter is parsed, but there seems to be missing some code which handles the case, that the topic param is not set.

Setting WaitingFor to AndrewJones, cause he is the author/maintainer of that plugin.

-- OliverKrueger - 03 Jul 2009

Thanks for the bug report. Sorry I haven't had time to look at this, will hopefully find some time at the weekend.

-- AndrewJones - 13 Jul 2009

This is not a bug with the SkillsPlugin, it's a bug with the rest code, which shouldn't allow that path info to be passed in to plugins. The SkillsPlugin is doing what it's supposed to.

-- CrawfordCurrie - 17 Jul 2009

I believe correct handling of the ?topic= parameter deals with this.

-- CrawfordCurrie - 16 Aug 2012

ItemTemplate edit

Summary Web and Topic parsing not sensitive to REST urls
ReportedBy PhilippHoppen
Codebase 1.0.5
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Extension
Component
Priority Normal
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
Release01x01Checkins
Topic revision: r7 - 16 Aug 2012, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy