When trying to save the configure settings, configure dies with this message in apache error log:
[error] [client 198.1.1.106] configure: Unmatched [ in regex; marked by <-- HERE in m/^[ <-- HERE ^\\s\\*?~^\\$@%`/ at /var/www/twiki/lib/TWiki/Configure/Types/REGEX.pm line 55, <DATA> line 1.
Cause: Raw text is put into input field, which terminates a regex string prematurely if the regex contains a double quote, as is the case with
{LoginNameFilterIn}
and
{NameFilter}
.
This bug was introduced by
Item7067.
Fix: Entity encode
'
,
"
,
&
,
<
,
>
before adding regex value to input field.
--
TWiki:Main/PeterThoeny
- 2012-12-28
Patch:
--- lib/TWiki/Configure/Types/REGEX.pm (revision 24484)
+++ lib/TWiki/Configure/Types/REGEX.pm (working copy)
@@ -44,6 +44,8 @@
# while ( $value =~ s/^\(\?\^:(.*)\)/$1/ ) { }
# $value =~ s/([[\x01-\x09\x0b\x0c\x0e-\x1f"%&'*<=>@[_\|])/'&#'.ord($1).';'/ge;
+ $value =~ s/(['"&<>])/'&#'.ord($1).';'/ge; # escape basic chars for input field
+
my $res = '<input name="'.$id.'" type="text" size="55%" value="'.$value.'" />';
return $res;
}
--
TWiki:Main/PeterThoeny
- 2012-12-28