
Item873: expired cgi session files not deleted

Priority: Urgent
Current State: Closed
Released In: 1.0.1
Target Release: patch
Applies To: Engine
Reported By: ChristianLudwig
Waiting For: Main.KennethLavrsen
Last Change By: KennethLavrsen

Description of the problem

Although is run (e.g. through a cron job) no CGI session files are deleted.


Looking at the method expireDeadSessions in
        my @stat = stat("$Foswiki::cfg{WorkingDir}/tmp/$file");
        my $lat = $stat[9] || $stat[10] || 0;
        unlink $file if ( $time - $lat >= $exp );

The problem is the unlink line. Here the path is missing!
        unlink "$Foswiki::cfg{WorkingDir}/tmp/$file" if ( $time - $lat >= $exp );
Since $file is untainted, I hope there's no problem with my solution, above.

This path is necessary because the cgisession-files are (normally) not in the current directory. This is especially true if you use the documented cron-job entry, cf.
# It is intended to be run as a cron job (remember it has to be run
# by a user who can write files created by the webserver user!)
# For example,
# 0 0 * * 0 cd /usr/foswiki/bin && perl ../tools/

-- ChristianLudwig - 26 Jan 2009


I believe the fix you suggested is OK. I came to the exact same solution.

The $file is untainted and I am sure the $Foswiki::cfg{WorkingDir} is considered part of the code files and not tainted either.

This bug is so severe that I will put it on the known issues page.

-- KennethLavrsen - 26 Jan 2009
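
The failure mode discussed in this item, as an added example that is not part of either comment above and is not Foswiki's code: the same stat/unlink logic is run once with the bare file name and once with the directory prefixed, from a working directory other than the session directory, and the result of each unlink is checked so that a cleanup that deletes nothing is visible. The `expire_sessions` function, the `cgisess_` plus 32 hex characters name pattern, and the session files (constructed in a temporary directory) are assumptions.

```perl
#!/usr/bin/perl
# Added example, not Foswiki code. expire_sessions() and the cgisess_ name
# pattern are assumptions; the session files are constructed in a temp dir.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Remove session files in $dir idle for $exp seconds or more.
# $with_path = 0 reproduces the reported bug, 1 applies the fix.
# Returns (deleted, failed) so the caller can alert on silent failures.
sub expire_sessions {
    my ( $dir, $exp, $with_path ) = @_;
    my $time = time;
    my ( $deleted, $failed ) = ( 0, 0 );
    opendir( my $dh, $dir ) or die "opendir $dir: $!";
    for my $file ( grep { /^cgisess_[0-9a-f]{32}$/ } readdir $dh ) {
        my $path = File::Spec->catfile( $dir, $file );
        my @stat = stat($path);
        my $lat  = $stat[9] || $stat[10] || 0;
        next unless $time - $lat >= $exp;
        # readdir yields bare names, so a bare unlink resolves against the cwd
        my $target = $with_path ? $path : $file;
        if ( unlink $target ) { $deleted++ }
        else { $failed++; print "  unlink $target failed: $!\n" }
    }
    closedir $dh;
    return ( $deleted, $failed );
}

my $dir = tempdir( CLEANUP => 1 );
my $old = time - 7200;    # two hours idle
for my $id ( 'a' x 32, 'b' x 32, 'c' x 32 ) {
    my $path = File::Spec->catfile( $dir, "cgisess_$id" );
    open( my $fh, '>', $path ) or die "open $path: $!";
    close $fh;
    # the 'c' session stays fresh and must survive both runs
    utime( $old, $old, $path ) or die "utime $path: $!" unless $id =~ /^c/;
}

# Like the cron entry, run from a directory other than the session directory.
chdir( File::Spec->rootdir ) or die "chdir: $!";

for my $with_path ( 0, 1 ) {
    print $with_path ? "full path:\n" : "bare file name:\n";
    my ( $deleted, $failed ) = expire_sessions( $dir, 3600, $with_path );
    print "  deleted=$deleted failed=$failed\n";
}
```

Counting failed unlinks gives a cron job something to report when expired sessions stay on disk.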

ItemTemplate

Summary expired cgi session files not deleted
ReportedBy ChristianLudwig
Codebase 1.0.0, trunk
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Priority Urgent
CurrentState Closed
WaitingFor KennethLavrsen
Checkins distro:690859996e36
TargetRelease patch
ReleasedIn 1.0.1
Topic revision: r4 - 23 Feb 2009, KennethLavrsen
