Tags:
create new tag
view all tags

SID-02413: TWikiSheet plugin fails to save

Status: Asked Asked TWiki version: 6.1.0 Perl version: 5.16.3
Category: TWikiSheetPlugin Server OS: CentOS Linux release 7.6.1810 Last update: 6 years ago

Hello Using the following example code the plugin fails to save the changes 

%TWIKISHEET{ mode="edit" save="1" }%
|  | 16Q1 | 16Q2 | 16Q3 | 16Q4 |
| East: | 163 | 182 | 208 | 193 |
| Center: | 82 | 97 | 126 | 91 |
| West: | 217 | 231 | 294 | 249 |
| Total: | =SUM(B2:B4) | =SUM(C2:C4) | =SUM(D2:D4) | =SUM(E2:E4) |
| Min: | =MIN(B2:B4) | =MIN(C2:C4) | =MIN(D2:D4) | =MIN(E2:E4) |
| Max: | =MAX(B2:B4) | =MAX(C2:C4) | =MAX(D2:D4) | =MAX(E2:E4) |

The JS alert box shows 

TWiki Sheet Error: Failed to save changes, OK

The browser developer console does not show anything significant. The console on the twiki.org (where the plugin works) site for the plugin shows the same messages.

The Apache error log shows Insecure dependency in open while running with -T switch at /opt/twiki/prod/lib/TWiki/Store/RcsFile.pm line 914

I have tried various plugin settings and the same result.

The plugin was working on an installation on RH7. It seems that the error is the result of moving to Centos 7.

Any ideas of what is this cause?

Thanks in advance Pete

-- Peter Jones - 2019-09-17

Discussion and Answer

Could be a dependency issue. Is a recent version of CPAN:JSON installed?

-- Peter Thoeny - 2019-09-17

Hi

The plugin works on a RH7 machine with JSON version 2.15

It fails on the CENTOS 7 machine with JSON version 2.59

So it fails on a more recent version.

I could rollback I suppose. What is the version on the TWiki.org servers ?

Pete

-- Peter Jones - 2019-09-18

TWiki.org has JSON version 2.26, but now I doubt that the version is the issue.

Based on the taint error you reported, please try this:

In lib/TWiki/Plugins/TWikiSheetPlugin/Core.pm line 459 add the two lines after the first line: 

    my $webTopic = $query->param( 'webTopic' );
    $webTopic =~ s/$TWiki::cfg{NameFilter}//go;
    $webTopic = TWiki::Sandbox::untaintUnchecked( $webTopic );

Let me know.

-- Peter Thoeny - 2019-09-18

I added the lines but unfortunately I have the same result.

-- Peter Jones - 2019-09-19

Could you enable the $TWiki::cfg{Plugins}{TWikiSheetPlugin}{Debug} flag in LocalSite.cfg and let us know the data/debug.txt output?

-- Peter Thoeny - 2019-09-20

Hi Peter

Here is the output on the debug.txt file. I changed a value (99 to 88) which failed with the same error as above. It doesn't show much 

| 2019-09-23 - 15:00:37 | - TWiki::Plugins::TWikiSheetPlugin::initPlugin( TWikiAtCERN.TwikiTwikiSheet ) is OK |
| 2019-09-23 - 15:00:38 | - TWikiSheetPlugin::Core::new() - constructor |
| 2019-09-23 - 15:00:38 | - TWikiSheetPlugin::Core::protectVariables( TWikiAtCERN.TwikiTwikiSheet ) |
| 2019-09-23 - 15:00:38 | - TWikiSheetPlugin::Core::processText( TWikiAtCERN.TwikiTwikiSheet ) |
| 2019-09-23 - 15:00:38 | - TWikiSheetPlugin::Core::_prepareTable( TWikiAtCERN.TwikiTwikiSheet, table 0, save 1, mode edit ) |

| 2019-09-23 - 15:00:38 | - TWikiSheetPlugin::Core::table data: [   ["", "16Q1", "16Q2", "16Q3", "16Q4"],
   ["East:", 163, 182, 208, 193],
   ["Center:", 99, 97, 126, 91],
   ["West:", 217, 231, 294, 249],
   ["Total:", "=SUM(B2:B4)", "=SUM(C2:C4)", "=SUM(D2:D4)", "=SUM(E2:E4)"],
   ["Min:", "=MIN(B2:B4)", "=MIN(C2:C4)", "=MIN(D2:D4)", "=MIN(E2:E4)"],
   ["Max:", "=MAX(B2:B4)", "=MAX(C2:C4)", "=MAX(D2:D4)", "=MAX(E2:E4)"]
  ] |
| 2019-09-23 - 15:00:38 | - TWiki::Plugins::TWikiSheetPlugin::initPlugin( AtlasProtected.FigandTabPrep ) is OK |
| 2019-09-23 - 15:00:40 | - TWiki::Plugins::TWikiSheetPlugin::initPlugin( HCC.BlogEntryPoint8x2007x07x04x16x26 ) is OK |
| 2019-09-23 - 15:00:44 | - TWiki::Plugins::TWikiSheetPlugin::initPlugin( TWikiSheetPlugin.Save ) is OK |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core::new() - constructor |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core::restSaveTable( update, TWikiAtCERN.TwikiTwikiSheet, table: 0, changes: [["PeterJones-3918","change",[2,1,99,"88"]]] ) |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core::_updateTable( %TWIKISHEET{ mode="edit" save="1" }%, 0, 0 ) |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core:: - save action change, row 2, col 1, "88" |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core::_saveTableChanges( TWikiAtCERN.TwikiTwikiSheet, table 0, last line ["PeterJones-3918","change",2,1,99,"88"] ) |

| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core:: - old table:
===== OLD <b> === </b>
| | 16Q1 | 16Q2 | 16Q3 | 16Q4 |
| East: | 163 | 182 | 208 | 193 |
| Center: | 99 | 97 | 126 | 91 |
| West: | 217 | 231 | 294 | 249 |
| Total: | =SUM(B2:B4) | =SUM(C2:C4) | =SUM(D2:D4) | =SUM(E2:E4) |
| Min: | =MIN(B2:B4) | =MIN(C2:C4) | =MIN(D2:D4) | =MIN(E2:E4) |
| Max: | =MAX(B2:B4) | =MAX(C2:C4) | =MAX(D2:D4) | =MAX(E2:E4) |

<b><span>===========</span></b> |
| 2019-09-23 - 15:00:44 | - TWikiSheetPlugin::Core:: - new table:
===== NEW <b> === </b>
| | 16Q1 | 16Q2 | 16Q3 | 16Q4 |
| East: | 163 | 182 | 208 | 193 |
| Center: | 88 | 97 | 126 | 91 |
| West: | 217 | 231 | 294 | 249 |
| Total: | =SUM(B2:B4) | =SUM(C2:C4) | =SUM(D2:D4) | =SUM(E2:E4) |
| Min: | =MIN(B2:B4) | =MIN(C2:C4) | =MIN(D2:D4) | =MIN(E2:E4) |
| Max: | =MAX(B2:B4) | =MAX(C2:C4) | =MAX(D2:D4) | =MAX(E2:E4) |
<b><span>===========</span></b> |

-- Peter Jones - 2019-09-23

I uploaded a new version with taint fix. Please update plugin and let me know.

-- Peter Thoeny - 2019-09-25

Hi Peter Unfortunately I get the same error

-- Peter Jones - 2019-09-26

I am at a loss why this does not fix the issue. The Insecure dependency in open while running with -T switch at /opt/twiki/prod/lib/TWiki/Store/RcsFile.pm line 914 indicates a taint issue on topic save. The plugin only has one TWiki::Func::saveTopic() call, and the $web, $topic parameters are untainted with the latest fix.

Could you print debug $tmpName in lib/TWiki/Store/RcsFile.pm just before line 914?

-- Peter Thoeny - 2019-09-30

here is a line from the debug file

| 2019-10-01 - 14:59:50 | /opt/twiki/prod/data/TWikiAtCERN/TwikiTwikiSheet.lock.8524

-- Peter Jones - 2019-10-02

Thanks, so it is the lock operation. I looked again through the code, all looks kosher, the $web and $topic parameters are not changed on normal save and repRev save. However, plugins could do a save in beforeSaveHandler. For testing, could you disable all plugins that have this handler?

-- Peter Thoeny - 2019-10-02

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Asked
Title TWikiSheet plugin fails to save
SupportCategory TWikiSheetPlugin
TWiki version 6.1.0
Server OS CentOS Linux release 7.6.1810
Web server apache
Perl version 5.16.3
Browser & version Firefox, Chrome, Safari
Edit | Attach | Watch | Print version | History: r12 < r11 < r10 < r9 < r8 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r12 - 2019-10-02 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.