and the related debian cve show that we should avoid writing session files un-necessarily, as that leads to needing looser file and dir permissions than sensible, thus allowing a lookin for hackers.
- 15 Nov 2007
Session files are not written when the
context is set (which it should be automatically for all scripts invoked from the command-line via UI.pm). Scripts that do not
go via UI.pm - such as
themselves. The only other scripts that I'm aware of that might have a problem are the tests, and most of the time we deliberately want
the tests to use a query / session. Some other scripts, such as mailnotify, have been sloppily written and don't set
. So I have modified TWiki.pm to set
if no other initial context is given, and there is no query. I believe that should answer.
Checkins Rev:15712 Rev:15713 mistakenly attributed to 4982