cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item567 (08 Jan 2009, KwangErnLiew)Edit Attach

Item567: LoginManager not working with IP matching because of code error in Foswiki's interface to CGI::Session

pencil
Priority: Urgent
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: TWiki:Main/MarkLoveridge
Waiting For: Main.KennethLavrsen
Last Change By: KwangErnLiew
Transferred from TWikibug:Item6158 by KennethLavrsen


I'm in the process of upgrading from TWiki 4.0.4 to TWiki 4.2.4 and ran into an error when testing the PublishContrib. Note that although I only see problems with PublishContrib I don't think it's actually related to the code in there. The error I see is:

 ERROR: WebHome not published: "-ip_match" is
not exported by the CGI::Session module
Can't continue after import errors at (eval 125) line 1
BEGIN failed--compilation aborted at (eval 125) line 1. at (eval 125)
line 1 eval 'use CGI::Session qw(-ip_match); use CGI::Cookie
;' called at /var/www/html/twiki/lib/TWiki/LoginManager.pm line 123
TWiki::LoginManager::makeLoginManager('TWiki=HASH(0x1cfd2b0)') called
at /var/www/html/twiki/lib/TWiki/Users.pm line 110
TWiki::Users::new('TWiki::Users', 'TWiki=HASH(0x1cfd2b0)') called at
/var/www/html/twiki/lib/TWiki.pm line 1294 TWiki::new('TWiki',
'TWikiAdminUser', 'CGI=HASH(0x518e90)') called at
/var/www/html/twiki/lib/TWiki/Contrib/Publish.pm line 605
TWiki::Contrib::Publish::publishTopic('TWiki::Contrib::Publish=HASH(0x19e6eb0)',
'WebHome', '.html', 'view',
'\x{a}%TEXT%\x{a}---\x{a}%META{"form}%\x{a}---\x{a}%META{"attachments"}%\x{a}',
'HASH(0xac0760)') called at
/var/www/html/twiki/lib/TWiki/Contrib/Publish.pm line 548
TWiki::Contrib::Publish::__ANON__() called at
/var/www/html/twiki/lib/CPAN/lib//Error.pm line 379 eval {...} called
at /var/www/html/twiki/lib/CPAN/lib//Error.pm line 371
Error::subs::try('CODE(0x1ce2280)', 'HASH(0x1ce4280)') called at
/var/www/html/twiki/lib/TWiki/Contrib/Publish.pm line 556
TWiki::Contrib::Publish::publishUsingTemplate('TWiki::Contrib::Publish=HASH(0x19e6eb0)',
'view') called at /var/www/html/twiki/lib/TWiki/Contrib/Publish.pm line
424
TWiki::Contrib::Publish::publishWeb('TWiki::Contrib::Publish=HASH(0x19e6eb0)',
'WebHome') called at /var/www/html/twiki/lib/TWiki/Contrib/Publish.pm
line 61 TWiki::Contrib::Publish::publish('TWiki=HASH(0x523c10)') called
at /var/www/html/twiki/lib/TWiki/UI.pm line 159 TWiki::UI::__ANON__()
called at /var/www/html/twiki/lib/CPAN/lib//Error.pm line 379 eval
{...} called at /var/www/html/twiki/lib/CPAN/lib//Error.pm line 371
Error::subs::try('CODE(0x506410)', 'HASH(0x19e6cb0)') called at
/var/www/html/twiki/lib/TWiki/UI.pm line 197
TWiki::UI::run('CODE(0x781bf0)') called

My new web server is a clone of the existing system and is running RHEL 4 Update 7. I have the CGI::Session from perl-CGI-Session-4.00_08-1.2.el4.rf installed from http://dag.wieers.com/rpm/packages/perl-CGI-Session/ (like others I've fallen foul of the fact that later versions require postrgres....)

Observations/Issues:
  • The error goes away if I remove the perl-CGI-Session RPM and drop back to the version of CGI::Session distributed with 4.2.4 I don't see anything in the Upgrade guides documenting the fact that CGI::Session is distributed with 4.2.4 and that people might like to review their usage of older CGI::Session installations
  • The installation guide implies that any version of CGI::Session >= 3.95 is usable, however, the use of -ip_match doesn't appear to be in the version of CGI::Session that I'm using (4.00_08); hence the requirement appears to be at least that
  • There is a typo in the use of ip_match in LoginManager.pm - the code has -ip-match, not -ip_match as expected by CGI::Session
  • LoginManager.pm does a test for the version of CG::Session (ca. line 304). This generates many errors when I have the RPM version installed as it complains that the argument 4.00_08 is not numeric
Clearly I have a straightforward resolution for my current problems. However, I definitely think there are some issues with the documentation and there is at least one bug in LoginManager.pm which will stop the IP match check working as advertised (BTW, I don't see any documentation of or any way of changing the other session related variables in LocalSite.cfg)

-- TWiki:Main/MarkLoveridge - 24 Dec 2008

An old buggy CGI-Session we cannotg do much about but we should at least fix the code error he talks about.

Need to verify that he is right naturally

He is right

I will fix.

I will also find out when -ip_match was introduced in CGI::Session so we get the right version dependency.

On CGI::Session versions. 3.95 had -ip_match.

His 4.00_08 is a development version and in that it appears missing.

In the real 4.00 it was back. So running with a dev version of a CPAN lib seems to be something we should not trouble ourselves with documenting.

I will check in the code fix and set waiting for release.

ItemTemplate edit

Summary LoginManager not working with IP matching because of code error in Foswiki's interface to CGI::Session
ReportedBy TWiki:Main/MarkLoveridge
Codebase trunk
SVN Range TWiki-4.2.3, Wed, 06 Aug 2008, build 17396
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor KennethLavrsen
Checkins distro:b835ea8927dd
TargetRelease patch
ReleasedIn 1.0.0
Topic revision: r3 - 08 Jan 2009, KwangErnLiew - This page was cached on 22 Mar 2018 - 23:07.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License