Question
Following the latest TWiki security advisory (HtmlAttachmentSpam), I've updated the BlackListPlugin with the version from 02 Jun 2006.
After that, one user of my TWiki setup reported that the contents of a page just disappeared when he uploaded an image to it. I confirmed the problem and also confirmed that it stopped happening when I disabled the BlackListPlugin.
To reproduce the problem, follow these steps:
1) Install BlackListPlugin version of 02 Jun 2006 and enable it.
2) Go to any wiki page in your setup and click the attach button.
3) Attach any file to the page, checking the "add link to attached file" box. Make sure you have a backup of the page content.
4) You will see a blank page with only the link to the new attached file. All previous content will be gone.
--
RicardoScachettiPereira - 04 Jun 2006
Answer
This issue is listed in the known issues section of the Plugin, caused by a bug in the TWiki code. Please apply the patch listed in Bugs:Item2390.
--
PeterThoeny - 04 Jun 2006
Thanks a lot Peter, I'll try and install the patch and see how it goes.
You may want to make the bug report a bit broader then, because I'm running TWiki on an Intel-based Linux box (not Solaris), with TWiki 4.0.0 setup (not 4.0.2).
Also, you may want to inform users that the bug may cause data loss. I have actually lost content on the wiki page, not only got the zero size images uploaded.
--
RicardoScachettiPereira - 04 Jun 2006
Losing page content sounds like you are now hit by Bugs:Item2097, which was fixed with 4.0.2.
--
SteffenPoulsen - 04 Jun 2006
I do not think it is very clear what to do.
Which patch should you apply to which version?
Bugs:Item2097 is not released yet so cannot be fixed in 4.0.2
- Sorry, my mistake, thanks for catching. -- SteffenPoulsen - 06 Jun 2006
Bugs:Item2390 has a patch that relates to Sun and ends up with a fight about which CPAN modules to use, which has nothing to do with the original bug. It says waiting for release and there are 3 check-ins.
I doubt many will know how to fix this issue. And I am surely confused.
--
KennethLavrsen - 05 Jun 2006
The fix stated in Bugs:Item2390 needs to be applied. Here it is again for reference: Change the beforeAttachmentSaveHandler "if" section of sub saveAttachment in file twiki/lib/TWiki/Store.pm as follows:
    if( $plugins->haveHandlerFor( 'beforeAttachmentSaveHandler' )) {
        # SMELL: legacy spec of beforeAttachmentSaveHandler requires
        # a local copy of the stream. This could be a problem for
        # very big data files.
        use File::Temp;
        my $fh;
        # Note: do *not* rely on UNLINK => 1, because in a mod_perl
        # context the destructor may not be called for a *long* time.
        # Call tempfile in a list context so that file does not get
        # deleted when closed.
        ( $fh, $tmpFile ) = File::Temp::tempfile();
        binmode( $fh );
        # transfer 512KB blocks
        my $transfer;
        my $r;
        while( $r = sysread( $opts->{stream}, $transfer, 0x80000 )) {
            syswrite( $fh, $transfer, $r );
        }
        close( $fh );
        $attrs->{tmpFilename} = $tmpFile;
        $plugins->beforeAttachmentSaveHandler( $attrs, $topic, $web );
        open( $opts->{stream}, "<$tmpFile" );
        binmode( $opts->{stream} );
    }
--
PeterThoeny - 06 Jun 2006
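The spool-and-reopen step in the snippet above, as a stand-alone added example (not TWiki code and not part of the original post): it copies a stream to a temporary file with checked reads and writes, then shows that the original handle is exhausted afterwards, so whatever saves the attachment has to read from the reopened temporary file. spool_stream, remaining_bytes and the sample upload are hypothetical names and constructed input.

```perl
#!/usr/bin/perl
# Added illustration; spool_stream() and remaining_bytes() are hypothetical helpers.
use strict;
use warnings;
use File::Temp ();

# Copy everything left on $in to a new temp file and return its path.
sub spool_stream {
    my ($in) = @_;
    # List context: the file is not removed automatically, the caller unlinks it.
    my ( $fh, $path ) = File::Temp::tempfile();
    binmode($fh);
    while (1) {
        my $r = sysread( $in, my $buf, 0x80000 );    # 512KB blocks, as in the patch
        die "read failed: $!" unless defined $r;
        last if $r == 0;
        my $off = 0;
        while ( $off < $r ) {    # syswrite may write fewer bytes than requested
            my $w = syswrite( $fh, $buf, $r - $off, $off );
            die "write failed: $!" unless defined $w;
            $off += $w;
        }
    }
    close($fh) or die "close failed: $!";
    return $path;
}

# Count the bytes a consumer would still receive from $in.
sub remaining_bytes {
    my ($in) = @_;
    my $n = 0;
    while ( my $r = sysread( $in, my $buf, 0x80000 ) ) { $n += $r }
    return $n;
}

# Constructed sample upload: 1000 bytes of binary data in a scratch file.
my ( $src_fh, $src_path ) = File::Temp::tempfile();
binmode($src_fh);
print {$src_fh} "\x89PNG" . ( "\0" x 996 );
close($src_fh) or die "close failed: $!";
open( my $stream, '<', $src_path ) or die "open failed: $!";
binmode($stream);

my $tmp = spool_stream($stream);
printf "left on original stream after spooling: %d\n", remaining_bytes($stream);
open( my $fresh, '<', $tmp ) or die "reopen failed: $!";    # three-argument open
binmode($fresh);
printf "available from reopened temp file: %d\n", remaining_bytes($fresh);
close($fresh);
close($stream);
unlink( $tmp, $src_path );    # explicit cleanup, no reliance on destructors
```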
I think this fix also includes Bugs:Item2097, so this should cover it for all platforms.
--
SteffenPoulsen - 06 Jun 2006
Thanks a million folks!!
I have applied both patches from Bugs:Item2097 and Bugs:Item2390 (I have cut and pasted the code above actually) and it all works well with the upgraded BlackListPlugin.
Thanks for all the help, prompt answers and for this excellent piece of software that is TWiki.
--
RicardoScachettiPereira - 06 Jun 2006