
Item935: Func::saveTopicText ignorepermissions is not working as advertised

Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Reported By: OliverKrueger
Waiting For:
Last Change By: KennethLavrsen
Func::saveTopicText()'s ignore-permission feature does not work as advertised. If you set $ignorePermissions to 1, Func::saveTopicText() will not check permissions, but the underlying Save::saveTopic() will.

I don't know if this ever worked. Obviously nobody is missing it.

If somebody confirms this behaviour, I will clarify the inline docco.

It's easy to circumvent this problem with the following code:

# sudo :)
my $user_backup = $session->{user};
$session->{user} = Foswiki::Func::getCanonicalUserID("SomePriviledgedUser");

my $oops = Foswiki::Func::saveTopicText( $web, $topic, $text, 0, 0 );

# un-sudo
$session->{user} = $user_backup;

Dunno how this ended up as low priority. Raised to Urgent. MichaelDaum noted that this function also ends up with permissions being checked twice.

-- CrawfordCurrie - 24 Jul 2009

This behaviour is actually different in trunk; the access rights that are checked are those expressed in the new topic text, instead of the old. I assume from the date of Oliver's report that he was testing 1.0.x, so that must be something different. I have added a unit test to 1.1.

-- CrawfordCurrie - 06 Aug 2009

ignorepermissions is not checked for saveTopic

-- CrawfordCurrie - 02 Sep 2010
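
The layering problem in the report, and a scoped form of the identity swap, as an added example that is not Foswiki code or part of the original discussion. Every name in it (`%session`, `may_change`, `inner_save`, `save_topic_text`, `save_as`, the users and the topic) is a hypothetical stand-in for the real engine, and `local` is used so the original user is restored even if the save dies.

```perl
use strict;
use warnings;

# Hypothetical model: only 'AdminUser' may write; the session starts unprivileged.
my %session = ( user => 'WikiGuest' );
my %store;

sub may_change { return $_[0] eq 'AdminUser' }

# Inner layer (models the underlying save): always checks the session user.
sub inner_save {
    my ( $topic, $text ) = @_;
    die "access denied for $session{user}\n"
      unless may_change( $session{user} );
    $store{$topic} = $text;
    return 1;
}

# Wrapper as reported: $ignore_permissions skips only the wrapper's own check
# and is never passed down, so the inner layer still denies the save.
sub save_topic_text {
    my ( $topic, $text, $ignore_permissions ) = @_;
    if ( !$ignore_permissions && !may_change( $session{user} ) ) {
        return 'oops: denied by wrapper';
    }
    my $ok = eval { inner_save( $topic, $text ); 1 };
    return '' if $ok;
    chomp( my $err = $@ );
    return "oops: $err";
}

# Scoped identity swap: 'local' undoes the assignment when the sub exits,
# whether it returns normally or an exception propagates through it.
sub save_as {
    my ( $user, $topic, $text ) = @_;
    local $session{user} = $user;
    return save_topic_text( $topic, $text, 0 );
}

# Constructed sample calls: flag set but still denied, then the scoped swap.
my $r1 = save_topic_text( 'Sandbox.Test', 'v1', 1 );
my $r2 = save_as( 'AdminUser', 'Sandbox.Test', 'v2' );
print 'ignore flag:  ', ( $r1 || 'saved' ), "\n";
print 'scoped swap:  ', ( $r2 || 'saved' ), "\n";
print "user after:   $session{user}\n";
```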


Summary Func::saveTopicText ignorepermissions is not working as advertised
ReportedBy OliverKrueger
Codebase
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:cf4b9b6242f1 distro:2e1a286b80d2
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r11 - 04 Oct 2010, KennethLavrsen - This page was cached on 23 Mar 2018 - 01:35.
