Bug: Pathinfo cleanup code too aggressive
TWiki.pm has a short bit of code that attempts to clean up the Pathinfo coming into the webserver. It is too aggressive in stripping off parts of the path when the configuration of the server has an empty $scriptUrlPath. In my configuration, I have a virtual host assigned to the TWiki site. I set the $scriptUrlPath to "", so now http://twiki.xxx.com/view/Main/WebHome
will do what you want. This worked back in the December 2001 release.
I'm finally getting around to upgrading to Feb03, and have run into this problem.
The line in TWiki.pm that causes the problem is:
$thePathInfo =~ s!$scriptUrlPath/[\-\.A-Z]+$scriptSuffix/!/!i;
The problem is that with an empty $scriptUrlPath and $scriptSuffix, this becomes:
$thePathInfo =~ s!/[\-\.A-Z]+/!/!i;
which merely serves to strip off the first part of the path. This causes a valid
PathInfo of /Main/WebHome to become /WebHome, which then gets mapped to /WebHome/WebHome
which causes the oops page to appear (no such topic.)
For now, I've added an 'unless' clause to the line above that causes it not to
execute if the $scriptUrlPath and $scriptSuffix are empty, but I assume that
there are valid cases where the PathInfo needs to be cleaned, and my code will
no longer do that. I don't know what the right way to fix it is. Can I assume
that all commands (view, edit, save, etc.) will always start with a lowercase
letter and all webs and topics will start with an uppercase letter?
Test case
Set your $scriptUrlPath to "" (and $scriptSuffix to ""). When you visit a page, you will be redirected to an Oops page because your PathInfo gets clobbered.Environment
| TWiki version: | TWikiRelease01Feb2003 |
| TWiki plugins: | DefaultPlugin, EmptyPlugin, InterwikiPlugin |
| Server OS: | FreeBSD |
| Web server: | Apache 1.3.28 |
| Perl version: | 5.6.1 |
| Client OS: | FreeBSD |
| Web Browser: | Firefox 0.9 |
Follow up
Fix record
This code was put in for CobaltRaqInstall My proposed fix is to replace the line with
my $cgiScriptName = $ENV{'SCRIPT_NAME'};
$thePathInfo =~ s!$cgiScriptName/!/!i;
does this work on your side?
and does anyone know if there are any situations that the CGI param is not set?
-- SvenDowideit - 29 Jun 2004
commited to svn
-- SvenDowideit - 06 Jul 2004
works for me. thanks!
-- MikeSalisbury - 07 Jul 2004
This change is probably safe. It is a no operation for web servers that do not set the env variable. Which is OK since the original fix applies just for Cobalt boxes.
-- PeterThoeny - 10 Jul 2004 | WebForm | |
|---|---|
| TopicClassification | BugResolved |
| TopicSummary | Fix pathinfo cleanup for hosted sites |
| InterestedParties | MikeSalisbury |
| AssignedTo | MikeSalisbury |
| AssignedToCore | SvenDowideit |
| ScheduledFor | CairoRelease |
| RelatedTopics | |
| SpecProgress | 100% |
| ImplProgress | 100% |
| DocProgress | 100% |
Topic revision: r8 - 2004-07-10 - PeterThoeny
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.