Item5791: Topics using parenthesis in name cause regex errors
Priority: Normal
Current State: Closed
Released In: 1.0.5
Target Release: patch
Applies To: Engine
Component: Core
Branches:
Topics created with parenthesis in the topic name, such as
NewTest(Topic) break TWiki
On 4.1.2, this seems to impact rename of other unrelated topics if the rename attempts to move the topic to another Web. A user who renames
MyTestTopic from Sandbox to the Main web, and either web contains the
NewTest(Topic) the rename of the topic will succeed, but then the rename script fails with premature end, and the user is either reported a 500 internal error, or in some cases gets a regular expression error with the
NewTest( <===HERE reporting unmatched parenthesis.
On 5.0.0 17046 running from an SVN checkout of trunk, it is impossible to access the Rename menu once the incorrect topic has been created.. The "More Topic Actions" page fails with:
TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
path -E -i -l -H -- %TOKEN|U% %FILES|F% Grep for '%META:TOPICPARENT[{].*name=\"(Main\.)?WebHome\".*[}]%' returned error
and in the server error log:
/bin/grep -E -i -l -H -- %TOKEN|U% %FILES|F% Grep for '%META:TOPICPARENT[{].*name=\"(Main\.)?AnotherTopic\".*[}]%' returned error at /var/www/SVN/twiki/core/lib/TWiki/Store/SearchAlgorithms/Forking.pm line 85.
At this point even deleting all of the topics created during the test has not restored operation.
Javascript on the topic creator page will block this but persistent users can get around that by using the topic in the URL. This is probably a simple fix by adding \(\) to the default config parameter {NameFilter} Unless the intention is to support parenthesis in topic names.
--
TWiki:Main/GeorgeClark - 17 Jul 2008
We've also found that topics named including a backslash in the name breaks things. So that also needs to be either excluded.
--
TWiki:Main.GeorgeClark - 18 Jul 2008
From what I could see in 4.1.2, the parameter passed in the URL to specify the page being renamed is being inserted directly into the regexp searching for references to it. This would seem to be a security issue as any regexp metacharacters can be inserted; I suggest that all regexp metachacters in the topic name be quoted and possibly the name should also be properly untainted (e.g. by passing it through the
NameFilter).
--
TWiki:Main.IsaacLin - 05 Aug 2008
Closely related to
Item1468, as observed by Isaac.
--
CrawfordCurrie - 20 Apr 2009
I am 100% sure it is the same. I have reproduced this before. In fact it is working with this I got the double ++ topics created.
But I could not recreate the error here today so it must be several factors that has to mix to cause it.
None the less I am pretty sure I have fixed it because the description is the exact same and the error happens exact same way.
--
KennethLavrsen - 20 Apr 2009