Item1787: Web and Topic parsing not sensitive to REST urls
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Extension
Component:
Branches:
A plugin that uses REST will send request urls like foswiki/bin/rest/SkillsPlugin/getCategories. The code in Foswiki.pm will wrongly parse from this a web name of SkillsPlugin:
if ( $pathInfo =~ m#^/(.*)[./](.*?)$# ) {
    # is '/Webname/SomeTopic' or '/Webname'
    # implicit untaint OK - validated later
    $web   = $1 unless $web;
    $topic = $2 unless $topic;
    $web =~ s/\./\//g;
}
elsif ( $pathInfo =~ m#^/(.*?)$# ) {
    # is 'bin/script/Webname' or 'bin/script/'
    # implicit untaint OK - validated later
    $web = $1 unless $web;
}
Plugins that rely on a correct web name (like XpTrackerPlugin) will not work properly. As a workaround I check the following condition before executing the above code:
if ($url !~ m/bin\/rest/) {
    ...
}
-- PhilippHoppen - 02 Jul 2009
According to CommandAndCGIScripts#rest there is no web- or topicname in the path fragment of the url. If you want to set a web- and topicname, you have to pass them through the topic parameter.
-- OliverKrueger - 02 Jul 2009
According to this link, if the topic parameter is not specified Main.WebHome is passed to the plugins. But this is not true, at least initPlugin() receives a web name that was parsed from the url.
-- PhilippHoppen - 03 Jul 2009
I think that's a problem with the SkillsPlugin. Crawling through the code, I can see that the topic parameter is parsed, but there seems to be some code missing which handles the case that the topic param is not set.
Setting WaitingFor to AndrewJones, because he is the author/maintainer of that plugin.
-- OliverKrueger - 03 Jul 2009
Thanks for the bug report. Sorry I haven't had time to look at this, will hopefully find some time at the weekend.
-- AndrewJones - 13 Jul 2009
This is not a bug with the SkillsPlugin, it's a bug with the rest code, which shouldn't allow that path info to be passed in to plugins.
The SkillsPlugin is doing what it's supposed to.
-- CrawfordCurrie - 17 Jul 2009
I believe correct handling of the ?topic= parameter deals with this.
-- CrawfordCurrie - 16 Aug 2012
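
The misparse reported above and the topic-parameter behaviour discussed in the replies, as an added example that is not Foswiki's own code. parse_path_info wraps the two regexes quoted from Foswiki.pm; parse_rest_request, its signature, the Main.WebHome fallback (taken from the thread's description of the documentation) and the sample requests are hypothetical and constructed for illustration.

```perl
# Added example, not Foswiki's own code: reproduces the path-info parse quoted
# in the report and contrasts it with a REST-aware variant.
use strict;
use warnings;

# The two regexes quoted from Foswiki.pm, wrapped in a hypothetical helper.
sub parse_path_info {
    my ($pathInfo) = @_;
    my ( $web, $topic );
    if ( $pathInfo =~ m#^/(.*)[./](.*?)$# ) {
        ( $web, $topic ) = ( $1, $2 );
        $web =~ s/\./\//g;
    }
    elsif ( $pathInfo =~ m#^/(.*?)$# ) {
        $web = $1;
    }
    return ( $web, $topic );
}

# Hypothetical REST-aware variant: for the rest script the path info is
# /Subject/verb, so web and topic are taken only from the topic parameter,
# with Main.WebHome as the assumed default when it is absent or malformed.
sub parse_rest_request {
    my ( $script, $pathInfo, $topicParam ) = @_;
    return parse_path_info($pathInfo) unless $script eq 'rest';
    my ( $web, $topic ) = ( 'Main', 'WebHome' );
    if ( defined $topicParam && $topicParam =~ m#^(.+)[./]([^./]+)$# ) {
        ( $web, $topic ) = ( $1, $2 );
        $web =~ s/\./\//g;
    }
    return ( $web, $topic );
}

# Constructed sample requests: [script, path info, topic parameter].
my @requests = (
    [ 'view', '/Main/WebHome',               undef ],
    [ 'rest', '/SkillsPlugin/getCategories', undef ],
    [ 'rest', '/SkillsPlugin/getCategories', 'Sandbox.TestTopic' ],
);
for my $r (@requests) {
    my ( $script, $pathInfo, $param ) = @$r;
    my ( $w1, $t1 ) = parse_path_info($pathInfo);
    my ( $w2, $t2 ) = parse_rest_request( $script, $pathInfo, $param );
    printf "%-4s %-28s quoted: %s.%s  rest-aware: %s.%s\n",
      $script, $pathInfo, $w1 // '', $t1 // '', $w2, $t2 // '';
}
```

For the two rest requests the quoted parse yields SkillsPlugin.getCategories, so a plugin that trusts the web name it receives is acting on a value taken from the REST subject and verb rather than from any wiki location.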