Item5311: deep recursion in getEmails()

1. create a user with login name foo
2. create a group foo
3. add user foo to group foo
4. add some %USERINFO% to a test topic ... bam

This situation may occur mostly in user mappers like the LdapContrib where users and groups can be defined that way. In a unix/posix setup, users are often created together with a group of the same name, which then becomes the default group for that user.

The deep recursion happens in TWiki::Users::TWikiUserMapping::getEmails(), a recursive function. By default, TWiki can't distinguish between the user foo and the group foo, and will fall into an infinit recursion expanding all email addresesses of all members of that group. The solution is to add hash parameter that tracks the users getEmails() has already been called for. On the other hand, the next release of LdapContrib will check this situation as well and prevent the creation of groups with names of already existing users.

-- TWiki:Main/MichaelDaum - 01 Feb 2008

Michael this sounds serious. Should the TWikiUserMappingContrib part of the fix be merged to the TWikiRelease04x02 branch?

-- TWiki:Main.KennethLavrsen - 01 Feb 2008

This is barely reproducable without LdapContrib ... which I added a workaround so that it does not trigger this circumstances in the core code anymore.

Nevertheless, the TWikiUserMappingContrib in the 4.2 branch should be updated. Infact, I expect this not to be the last change to this package within the next patch release.

-- TWiki:Main.MichaelDaum - 02 Feb 2008

Will you merge over the relevant changes to TWikiRelease04x02 branch please, Michael?

-- TWiki:Main.KennethLavrsen - 03 Feb 2008

merged - its not a big deal thou, as its somewhat hard to hit.

-- SvenDowideit - 10 Mar 2008

Cleaned "WaitingFor" field.

-- TWiki:Main.GilmarSantosJr - 10 Aug 2008