• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item3486: Possible to create topics with unsupported characters

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal Closed   minor 4.2.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

One of my users managed to inadvertantly create a page which started with '[' (by writing a link like [[[PageName][This is a page]], with 3 leading brackets instead of 2. Quite a surprise that TWiki went ahead and created the page with the leading bracket in its filename. Unfortunately any attempt to rename it within TWiki fails with an "Unmatched [ in regex" error at (at least) two locations: Render.pm line 1773, and Search.pm line 285.

Render.pm should be an easy fix; use quotemeta on the web and page names before making them into REs. Search.pm is less obvious because it must be in 'regex' search mode, otherwise quotemeta would have been used. I don't have time to look into this now, especially as I suspect there may be other cases where pagenames and web names are used in REs without being quoted.


I can confirm this this error is also in 4.1.0

You get regex failure the minute you hit "More action" link. And this seems like something that could happen often. I find many garbage filenames created at work. Now we know why.

Patch candidate

KJL

For 4.1.1 we choose the simple approach to prevent the bracket syntax from creating a new topic link with a bracket in it.

But it does not prevent creating these wrongly named topics. But it removes urgentcy

-- KJL

Elevating back to urgent. With the edit link I can violate any common sense in topic names. I was sure earlier versions had a filter that prevented illegal characters.

We need at least some common sense back.

-- KJL

Is the name filter not working? We need to be carful when fxing this bug so that we are not affecting I18N.

I changed the summary to reflect the change in scope.

-- PTh

Yes. We do not want to impose some English only rule and no limitation on special characters that are not necessary.

But right now you can create topics like [Hello -GoForIt My\ponyshow

We need as a minimum to enforce the first letter to be an Uppercase letter (any language so not [A-Z]) and we need to filter off certain characters. I would think that the upper case initial combined with similar filter as used for attachments would be a good spec.

But yes we need to define the spec first.

Note that the browser sends the special characters to TWiki URL encoded. Do we have a check today? And does work before or after URL decoding? Where is the file name checked when you create a topic. It must be both then you run edit and hit the save button that we need to check.

-- TWiki:Main.KennethLavrsen - 31 Jan 2007

Degrading to normal. This is not a release blocker for 4.1.1 patch release.

-- TWiki:Main.PeterThoeny - 03 Feb 2007

I can't reproduce this in MAIN, even creating a topic with meta in the name on disc.

Looks like squabs are filtered now. There are a couple of checkins associated with this bug that seem to be the fix. The checkins say "we should prevent this on the receiving side" but I have no idea what that means, and I can't reproduce any problem so I'm closing this.

CC

ItemTemplate
Summary Possible to create topics with unsupported characters
ReportedBy TWiki:Main.BenWheeler
Codebase 4.0.4, 4.1.0, ~twiki4
SVN Range TWiki-4.1.0, Mon, 22 Jan 2007, build 12595
AppliesTo Engine
Component

Priority Normal
CurrentState Closed
WaitingFor

Checkins 12669 12670
TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r13 - 2008-01-22 - KennethLavrsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback