Bug: Meta Data Handler can't Process CR-LF Line Endings
A meta data line ending in "\r\n" is not recognized as a valid meta data line, it shows up literaly as META:DATA{....} in the topic text. Plugins that manipulate meta data might introduce "\r\n" line endings instead of the default "\n" line ending.Test case
Edit a topic file on the shell level and save with CR-LF line endings; or try the undocumented repRev command (which is broken in the latest Beta release)Environment
| TWiki version: | TWikiRelease01Feb2003 |
| TWiki plugins: | DefaultPlugin, EmptyPlugin, InterwikiPlugin |
| Server OS: | N/A |
| Web server: | N/A |
| Perl version: | N/A |
| Client OS: | Windows |
| Web Browser: | Netscape |
Fix record
Accept "\r\n" and "\n" line endings when parsing the meta data. Change is in TWikiAlphaRelease and at TWiki.org.
*** ./b/lib/TWiki/Meta.pm 2004-01-17 00:23:58.000000000 -0800
--- ./a/lib/TWiki/Meta.pm 2004-01-28 22:23:35.000000000 -0800
***************
*** 298,304 ****
my $newText = "";
! foreach ( split( /\n/, $text ) ) {
if( /^%META:([^{]+){(.*)}%$/ ) { # greedy match for ending "}%"
my $type = $1;
my $args = $2;
--- 298,304 ----
my $newText = "";
! foreach ( split( /\r?\n/, $text ) ) {
if( /^%META:([^{]+){(.*)}%$/ ) { # greedy match for ending "}%"
my $type = $1;
my $args = $2;
-- PeterThoeny - 29 Jan 2004
Follow up
Just realized that there is a change in storing files:- Before this fix:
- Meta data lines terminated by "\n" (LF) only
- Topic text lines terminated by "\r\n" (CR-LF)
- After this fix:
- Meta data lines terminated by "\n" (LF) only
- Topic text lines terminated by "\n" (LF) only
^From lines. This will break content - (including pages in Codev).
An example page that in the past would still be edittable now is here:
Note that the debug version now contains what the raw=1 version above shows on a standard TWiki:
Also note that the text has been mangled - the text as entered looked like:
<p /> )
The reason this happens is because you've constrained the by your earlier bugfix (without any tests that it breaks other content):
if( /^%META:([^{]+){(.*)}%$/ ) { # greedy match for ending "}%"
Used to be: (and is in the majority of people's installations)
if( /^%META:([^{]+){(.*)}%/ ) {
To summarise, the change you've made prevents metadata from being allowed at the end of topic text, thus breaking content on TWiki.org and elsewhere. Reverting to
if( /^%META:([^{]+){(.*)}%/ ) {
Would re-open the old bug, but resolve this one. (And indeed if this patch was applied by anyone other than yourself, this is probably what would happen)
Incidentally the original bug was a problem caused by lack of escaping metadata content and storage of metadata does not go through a marshall/unmarshalling phase.
Since your "fix" actually breaks more content than it fixes, I've change the TopicClassification from BugResolved to BugReport .
-- MS - 29 Jan 2004
The new spec with identical line endings for meta data and topic text is orthogonal and more clear. My only concern is to make sure that this does not break existing tool functionality like RCS on different platforms, RcsLite and diff (which can be fixed). Because of this I leave this bug report open for a while. Can anyone help test this?
Entering meta data into topic text is not documented and should not be used. The common practice to escape TWiki variables is %<nop>NAME%, that should also be the case for meta data.
-- PeterThoeny - 03 Feb 2004
See Sandbox.WillProbablyResultInCorruptedText for content
that is bust, and can no longer be editted by end users - thereby
breaking the wiki nature of those pages (the reason I've put it in
the sandbox incidentally).
The content was entered looking like this - note that content was
entered inside <verbatim> tags - another method that people
expect to just work . The example is also not specious - there are
many places on twiki.org where people discuss meta data handling
changes.
This is text preceding the inline meta definition surrounded by verbatim. We are discussing here what these declarations do, and considering
extending this to do more things, which is why we have an extra field
<verbatim>
---
%META:FORM{name="NonExistantForm"}%
%META:FIELD{name="TopicClassification" title="TopicClassification" value="DocumentationPage"}%
%META:FORMLOOKANDFEEL{Topic="NonExistantFormLookAndFeel"}%
---
</verbatim>
This is text preceding the inline meta definition surrounded by verbatim. We are discussing here what these declarations do, and considering
extending this to do more things, which is why we have an extra field
This is a trivial way to a) break a wiki with this feature b) make it difficult
(not impossible) for the normal audience to fix without access to
WebPreferences.
This change makes TWiki vulnerable to
defacement in such a way that SoftSecurity is also compromised.
(Since the community can't fix this easily) It might be said that
this isn't a problem, but the corruption of topic text on it's way to
store, the misdisplay of content, the fact it's a security issue as
well strike me as major problems.
Furthermore, to make line endings orthoganal
there is no point in storing topic text with trailing ^M. After all,
if this security flaw that breaks soft security is ignored then you
lose all the benefits you used to have of ^M's still being there
(differentiation of metadata from topic text). At that point removing
the ^M's when storing topic text would make logical sense.
However in that situation a user may start editting a topic which
ends with ^M on disk, edits it, and the ^M's are replaced with
standard line endings. This results in a potential 2 words edit
looking like the entire page contents has changed.
- Consider what I'm saying for once, not who is saying it.
- Corruption of user's text is about the worst possible thing any application can do, and it's a huge problem for a wiki.
- * It's specifically about how the written text is stored/dealt with, and specifically a regex change which is a lexical issue in parsing parlance.
add meta data in topics manually. Often at the beginning or end of topics. Furthermore, how would you tell which on disk format you were dealing with?
- * I can find more examples if required - it's been suggested in many places.
format="1.0" ) Calls from plugins for raw topic text should ideally be presented a representation consistent with that format. Whilst this might be called "unsupported", the fact it's had to be used surely takes precedence?
John,
> I'm not clear from the above, that there are any other bugs that will be caused by cleaning up line endings. Have I understood correctly?Yes. See also: structure of ondisk topic format. Bottom line - this change dramatically changes the interpretation of on-disk storage introducing further bugs. It's also a knockon from Peter's earlier change on 17 Jan (or so). On a secondary note - this point is bad: (IMO)
-
the intention was to destinguish meta data purely on the basic of %META:...% being present at the start of a line (verbatim should clearly be taken note of). Unless I'm missing something, I can't see why you would want another mechanism. Although this might mean that TWiki needs to throw out META data added during a normal edit.
- They don't want to define a webform, but do want to use metadata. (There's no support for arbitrary fields)
- Users want to define a webform, but can't because the local site has denied them that ability. (Goes against the WikiWay)
- Because they can, and hence do.
- Because they want to talk about meta tags.
- Because they might say something like:
... yeah, the storage on disk starts off with a
%META:BLA{... type declaration, and continues on until the end of the line. Customisation using %PARAM{"param"}%
is fairly common, replacing the older %URLPARAM{"param"}% in many locations.
And last but by no means least: - Because the topic text container should preserve anything they choose to say, and not hijack it.
- "Edit a topic file on the shell level and save with CR-LF line endings;"
- Surely this is unsupported? Anyone could break TWiki by editting the raw topic text, and the obligation is on the onus of the user, not the code to cope with this.
- Furthermore trying this with a Store.pm with unmodified semantics from BeijingRelease shows that this bug does not exhibit itself when doing precisely this. Example:
- Owiki:WordDiff, Owiki:WordDiff?raw=debug (dumping the latter's source to disk shows the ^M's have been preserved)
- Owiki:WordDiff, Owiki:WordDiff?raw=debug
- * If any of your users are using the facility you mentioned
on MetaDataRendering regarding embedding META:FIELD values
in a topic. (It's simple enough to check of course - write a perl one
liner to grep your topic text for lines
- AttachmentListDuringMessageEditOnly
- vs http://twiki.org/cgi-bin/view/Codev/AttachmentListDuringMessageEditOnly?raw=1
- ExposingTwikiMetaDataAsHtmlMetaData
- http://twiki.org/cgi-bin/view/Codev/ExposingTwikiMetaDataAsHtmlMetaData?raw=1
- HorizontalWhitespaceChangeTestPage
- http://twiki.org/cgi-bin/view/Codev/HorizontalWhitespaceChangeTestPage?raw=1
- vs
| WebForm | |
|---|---|
| TopicClassification | BugResolved |
| TopicSummary | Bug: Meta Data Handler can't Process CR-LF Line Endings |
| InterestedParties | |
| AssignedTo | |
| AssignedToCore | PeterThoeny |
| ScheduledFor | CairoRelease |
| RelatedTopics | |
| SpecProgress | 100% |
| ImplProgress | 100% |
| DocProgress | 100% |
Topic revision: r20 - 2004-09-24 - MartinCleaver
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.