Revision [6267]

This is an old revision of WikkaBugs made by PolVazo on 2005-02-23 14:12:34.

 

Bugs/Issues discovered in Wikka!

Last edited by PolVazo:
Advanced search results reveal confidential info
Wed, 23 Feb 2005 14:12 UTC

Related pages:
  • workarounds for unusual problems and temporary fixes for known bugs listed at WikkaWorkarounds
  • for issues related to Wikka layout refer to: WikkaCSS
  • for feature suggestions rather than bugs, go to the SuggestionBox
Attention:
For problems with foreach in PHP version 4.3.10:
See WikkaBugsResolved
 

Please post recently discovered bugs on the top of this page (just below this note).

 



Category name matching

Yes, I know the category system needs to be revamped, but I figured I'd report this anyway. If you have a category name that is a substring of another category name, pages referencing the second category will also appear in the first. In other words... I have a category named CategoryBookOne, and another named CategoryBookOneJournal. Pages that reference CategoryBookOneJournal also show up in the list of pages for CategoryBookOne, which is not the behavior I expected or wanted.
-- TammyCravit

Installer problems

Gathered from error reports in different places (including comments on WikkaInstallation, #wikka and IM) - neither new, but worth repeating and putting together, I think:
This is especially a problem for users new at MySQL or new even at PHP+MySQL for whom it won't be obvious where to start troubleshooting when the installer simply hangs.
--JavaWoman


PHP5 + GESHI

Using PHP5 with the 1.1.6.0 release and the included GeSHi doesn't work. Once I updated GeSHi to the latest version, everything worked fine. --BrendonB


mod_rewrite issue


When in edit mode using IIS, if you click the help button, the program doesn't take you to the FormattingRules page, but tries to go to the FormattingRules Directory, which does not exist.



Bug in Textsearch (expanded)

As DotMG has pointed out, the input for these two actions isn't validated, making it a security hole.
You can fix it by changing the line
    $phrase = stripslashes($phrase);

into
    $phrase = preg_quote($this->htmlspecialchars_ent(stripslashes($phrase)), "/");

You have to change both files (textsearch and textsearchexpanded). --NilsLindenberg

Advanced search results reveal confidential info
Results should be hidden or not shown if the user doesn't have read access to page IMHO. --PolVazo

Recent[ly]Comment[ed|s] actions should check for permission


Comments are being previewed even if users do not have access. A simple check needs to be added. -- JsnX
if ($this->HasAccess("comment"))


tags in the edit-notes

I made an edit note: "removed a <?php (to much)" and got "removed a". Perhaps replacing <> would be the better option? --NilsLindenberg


Opera and layer

(copied from the sandbox --NilsLindenberg)
Opera browser doesn't like a right layer at the end of a page :(


Missing language-support in the code formatter

(copied from the sandbox --NilsLindenberg)

No support for 2-byte languages in the code formatters!!!!
// &#54620;&#44544;&#51060; &#44648;&#51648;&#44192;&#51648;
// &#51652;&#51676; &#44648;&#51648;&#45348;.. &#55121;&#55121;.. &#50640;&#46356;&#53552;&#52285;&#50640;&#49436; &#44648;&#51648;&#45716; &#44163;&#46020; &#50676;&#48155;&#45716;&#45936;..
...



Error on ./handlers/page/referrers_sites

Line 46 :
=>
            print("<td valign=\"top\">" . (($site != "unknown") ? "<a href=\"http://".$this->htmlspecialchars_ent($site)."\">".$this->htmlspecialchars_ent($site)."</a>" : $site) . /*"</a> ".*/($IsAdmin ? "[<a href=\"".$this->href("delete_referrer", "", "spam_site=").$this->htmlspecialchars_ent($site)."&amp;redirect=".$this->GetMethod()."\">Blacklist</a>]" : "")."</td>");

Note: You cannot see this error by directly validating a page, because W3C is not registered and it will not have the same output as you; in other words, the code on line 46 won't be executed. But you can save the page on your hard disk and validate it.
--DotMG


Wiki Edit causes lockup

The new version of wikiedit here causes a lockup if I use either ctrl-B or click on the B link after highlighting text. I can go to earlier versions of wikka on my servers and it works fine. Back to wikka and it causes a lockup (no asterisks are inserted, no other formatting works either, so I have to close the window...which generates an MS window crash notification popup). I'm running XPPro with current updates for both XP & IE. -- GmBowen


Accept-Encoding: gzip;q=0, deflate

Not really a bug, but should be corrected for respect of & compliance with RFC 2616.
If a browser sends the header
    Accept-Encoding: gzip;q=0, deflate
which should be interpreted as: "I don't support gzip encoding, but I prefer deflate", Wikka will understand "The browser supports gzip-encoding", as it just searches for the text gzip in $_SERVER['HTTP_ACCEPT_ENCODING']. An example I use to treat it correctly is:
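 function ParseHeaderLine($hl, $token=null)
 {
  $res = array(); # initialise so an empty header still returns an array
  $ar_hl = explode(',', $hl);
  foreach ($ar_hl as $dotmg_idx => $val)
  {
   # "name;q=value": keep the name (without surrounding spaces) and its quality value
   if (preg_match('/^\s*(.*?)\s*;\s*q\s*=\s*([0-9\.]*)/i', $val, $match))
   {
    $res[strtolower($match[1])] = doubleval($match[2]);
   }
   else
   {
    # no q parameter: quality defaults to 1; trim so " deflate" is stored as "deflate"
    $res[strtolower(trim($val))] = 1;
   }
  }
  if ($token) return(isset($res[$token]) && ($res[$token] > 0)); #if $token is set, we return true or false
  return ($res); # else we return the header parsed.
 }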

and
 if ($this->ParseHeaderLine($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) ...

Note : This function might be useful to deal also with Accept-Language, when Wikka will be made effectively multilingual.
--DotMG


1.1.6.0beta4: Simplified Chinese (or Unicode relative) in WikiEdit:

A page containing Unicode characters looks OK when viewed but displays ''&#*****;'' when edited in WikiEdit.
Simplified Chinese Test:
中文是一种美丽的语言,除了具有音节上的美感,同样拥有视觉上的美感
In 1.1.5.3, I solved this problem by changing a line in ./handlers/page/edit.php
#from
"<textarea onKeyDown=\"fKeyDown()\" id=\"body\" name=\"body\" style=\"width: 100%; height: 500px\">".$body."</textarea><br />\n"
#to
"<textarea onKeyDown=\"fKeyDown()\" id=\"body\" name=\"body\" style=\"width: 100%; height: 500px\">".$this->htmlspecialchars_ent($body)."</textarea><br />\n"

Wikka is wonderful! ZhuangYuyao


Double-click editing

I noticed: Turning off DoubleClick-editing does not work (double-clicks still go to edit-window) in IE 6.0 or Firefox 1.0.
Keep up the good work!
Cheers, MarkHissinkMuller


$_REQUEST problem


If this does not fit in this bug section as such, my apologies... I'd like to hear some comments on this though..

I initially noticed this after having a problem with the {{files}} action. When trying to download a (previously successfully uploaded) file I received this result: Unknown method "page/files.xml?action=download.php"

Digging through the code and printing out some variables I noticed the $_REQUEST (and $_GET) variable still contained part of the query string. See the example code below. I inserted a quick workaround in wikka.php but I'm interested in figuring out how and where this is caused.

My setup:
Apache/1.3.28
php (module) 4.3.7
wikka 1.1.5.3

url: /wakka/wikka.php/FileActionExample/files.xml?action=download&file=file.txt

<?php

print_r($_REQUEST);

/* print_r result
Array
(
    [wakka] => FileActionExample/files.xml?action=download
    [file] => file.txt
)
*/


//work-around $_REQUEST problem
if( preg_match( "/(^[^?]*?)\?([^=]*?)=(.*)/" ,$_REQUEST['wakka'],$matches) ){
    list(,$_REQUEST['wakka'],,$_REQUEST[$matches[2]]) = $matches;
    list(,$_GET['wakka'],,$_GET[$matches[2]]) = $matches;
    unset($matches);
}

print_r($_REQUEST);

/*
print_r result after work-around
Array
(
    [wakka] => FileActionExample/files.xml
    [file] => file.txt
    [action] => download
)
*/


?>


thanks, JoshJohn

PageIndex problem

DarTar and I have recently created some test pages, testing page names related to how Wikka evaluates 'valid' page names: ,My,Page and ÄhnLich (yes, they both exist, even if they don't show up as such in this sentence!). Now look at where they show up on PageIndex... surely there shouldn't be two '#' indices??
--JavaWoman

Install Note on Basic URL and CSS

First, this may apply to my ISP only. When I installed, I had to use the ?wakka= option. However, I had to add a / to the end of the default Basic URL before appending ?wakka= to it. So I think it may be helpful to modify the instruction to '... so it should include the "/?wakka=" parameter...'


This problem has been cropping up off and on in wikka for me recently (only at this site as far as I can tell...so beta code maybe??). Anyways, I noticed it today on the BannerMaker page. The following three screen captures were done after multiple reloads of the page (the images didn't move with every reload). The weird part to me is that the "spacing" between them stays the same, but the images move up and down the screen.
http://gmbowen.educ.unb.ca/wikitest/bug.jpg
http://gmbowen.educ.unb.ca/wikitest/bug2.jpg
http://gmbowen.educ.unb.ca/wikitest/bug3.jpg


Weirdness with Include

Um, I don't know how to describe this really. Put {{include page="CategoryDocumentation"}} on the SandBox page....I can't figure out why it gives that output as Sandbox doesn't own anything.


I just discovered that the {{backlinks}} action may list pages that don't "exist" any more, in the sense that they (apparently) still are in the database but without any active version (seemingly as a result of a rename action). I added an example on JavaWoman my own page where you can see a supposed backlink from ReleaseNotes (which was replaced by WikkaReleaseNotes).



GetEnv is not a good idea!

At ./wikka.php, you will see a line
<?php if (!$configfile = GetEnv("WAKKA_CONFIG")) $configfile = "wikka.config.php";?>

In most cases, a website is hosted on a machine as a VirtualHost; this means that a number of websites share the same environment variables. If someone knows where your site is hosted, he can put his site on the same server, and use a script containing
<?php putenv('WAKKA_CONFIG=/home/hacker/config.php');?>
And all Wikka sites on the same server will use his configuration file. The remaining actions to take to hack your site will be as easy as eating a sandwich.
The PHP doc says that an environment variable is altered only during the life of the script, but with my dev EasyPHP on Windows, that is false. (I think a "new" environment variable keeps its value, even on Linux.)

I wanted to make a unique Wikka interface used by 3 sites on the same server. The most secure solution I found is to alter ./wikka.php like this:
<?php
if (file_exists("wakka.config.php")) rename("wakka.config.php", "wikka.config.php");
#if (!$configfile = GetEnv("WAKKA_CONFIG")) $configfile = "wikka.config.php";
# Initialise explicitly: with the line above commented out, $configfile would
# otherwise be undefined here (and settable from the request under register_globals).
$configfile = "";
if (!$configfile && isset($GLOBALS['wikka_config'])) $configfile = $GLOBALS['wikka_config'];
if (!$configfile) $configfile = "wikka.config.php";
if (file_exists($configfile)) include($configfile);

and put the 2 files sitenumber2.php and .htaccess below at the root of the server number 2:
sitenumber2.php:
<?php
 $GLOBALS['wikka_config'] = "/path/to/altered_config.php";
 chdir("/path/to/basewikka");
 include('wikka.php');
?>

.htaccess:
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^(.*/[^\./]*[^/])$ $1/
 RewriteRule ^(css|images|wikiedit2)/(.*)$ /path/to/basewikka/$1/$2 [L]
 RewriteRule ^(.*)$ sitenumber2.php?wakka=$1 [QSA,L]
</IfModule>


--DotMG



Expanded Text Search fails

I tried an expanded Text-Search after +parameter +link and got the following error:

Warning: Compilation failed: nothing to repeat at offset 1 in /.../actions/textsearchexpanded.php on line 33

for every page.
--NilsLindenberg
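
The fix quoted under "Bug in Textsearch (expanded)" and the compile warning reported above, side by side, as an added example that is not Wikka's own code: the function names, the highlight pattern and the sample text are assumptions, and PHP's htmlspecialchars() stands in for Wikka's htmlspecialchars_ent().

```php
<?php
// Added example, not Wikka's code. The function names and the highlight
// pattern are hypothetical; only the two $phrase lines follow the page.

// Before: the phrase is only unslashed, then interpolated into a pattern.
function highlight_before($phrase, $text)
{
    $phrase = stripslashes($phrase);
    // @ silences the PCRE compile warning; preg_replace() then returns null.
    return @preg_replace('/(' . $phrase . ')/i', '<b>$1</b>',
                         htmlspecialchars($text, ENT_QUOTES));
}

// After: HTML-escape the phrase, then quote regex metacharacters and the
// "/" delimiter. htmlspecialchars() stands in for htmlspecialchars_ent().
function highlight_after($phrase, $text)
{
    $phrase = preg_quote(htmlspecialchars(stripslashes($phrase), ENT_QUOTES), '/');
    return preg_replace('/(' . $phrase . ')/i', '<b>$1</b>',
                        htmlspecialchars($text, ENT_QUOTES));
}

// Constructed page body and search phrases.
$body    = 'Search with +parameter +link, or compare a/b and a.b in one page.';
$phrases = array('+parameter +link', 'a/b', 'a.b');

foreach ($phrases as $p) {
    echo "phrase: $p\n";
    echo '  before: ';
    var_dump(highlight_before($p, $body));
    echo '  after:  ';
    var_dump(highlight_after($p, $body));
}
```

The first two phrases make the unquoted pattern fail to compile (a stray quantifier, then a premature `/` delimiter), and `a.b` silently matches `a/b` as well. With `preg_quote(..., '/')` all three are matched literally.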

Yet more formatter bugs

Looking at formatters/wikka.php to find the cause of the two bugs listed below (found one), I notice to my horror that a lot of the regular expressions used there are actually incorrect. They allow such things as using a comma to indent a line (in addition to a tab, or ~, at the start of a line: demo in the SandBox, and in the list below!), or a comma in a WikiName (even at the start) or in an InterWiki link. That can't have been the intention - it's simply a matter of incorrect RE syntax. I'd become sort of "sensitized" to this phenomenon looking at DarTar's RE on ValidPageNames earlier today - now I see where he found an example (see my comment on that page on his RE!).
,Note: see also ,My,Page - yup, that's a real page now. ;-)



List parsing bug?

Have a look at the source of WikkaDevelopment, you will see that tabs and unordered lists for some reasons are not correctly parsed (actually after one edit, tabs were added at the beginning of each line). I'll try to figure out why this happens...
-- DarTar



MySQL issue


MySQL 5+ isn't supported as it requires PHP to use the mysqli extension instead of plain old mysql. I hoped there would be a single file to change this, but there seems to be no database abstraction in this project at all.

-- DavidCarrington



Login Problem

I have several users that have trouble staying logged in using IE 6.0.XX.
--GregorLindner





User search - should be case-sensitive
I was going through user pages, and looked at the homepage by user DaN; clicking on the name does the TextSearch thing: http://wikka.jsnx.com/TextSearch?phrase=DaN which brings up a surprising number of pages, none of which have actually been touched by DaN, it seems (at least none of the ones I checked). Using the browser to search in some of the listed pages (and their revision history) I found hits on words like "dangerous" - and nothing else. This way, the user search feature isn't all that useful, I'm afraid. A whole-word search may be difficult, but could we at least make it (optionally) case-sensitive so that a search for a user name or page name doesn't bring up a host of spurious results?




Problem with "History"??

I ran across this on another wikka implementation....
http://elvito.sv-city.de/wikka.php?wakka=RecentChanges
if you look at Sun, 22 Aug 2004 the second item down says
[ (20:46 CEST?) [history?] - TextSearch?phrase=ElVitoWakkaWiki? ? ppp-82-135-6-82.mnet-online.de ] which seems kinda wrong. -- Mike (aka GmBowen)


Email Addresses
Found several issues with how email addresses are validated / accepted / used; outlined on WikkaAndEmail - and I'm working on solutions. (Email is complicated and there's a whole bunch of standards (RFCs) involved.)

First part of the solutions now in WikkaEmailToolkit; while the toolkit is still incomplete, what's there now can be used as presented there (no dependencies on later components).
-- JavaWoman


Bugs I've found:



Thanks - Sam


 


CategoryDevelopment