Revision [2259]
This is an old revision of WikkaBugsResolved made by PolVazo on 2004-11-17 09:24:50.
Resolved bugs
For open Bugs/Issues look at WikkaBugs.
Interwiki is broken
Interwiki links are broken if they are not CamelCased, like WikiPedia:Albert_Einstein will not work, but WikiPedia:CamelCase would. Wikipedia heavily relies on FreeLinks, which converts "Albert Einstein" to "Albert_Einstein". --DavidCollantes
There are in fact two causes for this:
- the evaluation order in Link() is wrong: it evaluates a WikiName before it evaluates a possible Interwiki link; since a WikiName is a substring of an Interwiki link, the latter should be matched first;
- the RE used to match an Interwiki assumes only WikiNames after the colon; since an Interwiki link actually appends a string to a pre-defined part of a URL, we should allow anything that is allowed in a URL - not just WikiNames.
Without addressing the last issue of the scattered REs, the following changes will fix this problem:
1. wikka.php -- Link() method - change near the start as follows:
<?php
// is this an interwiki link?
if (preg_match("/^([A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+)[:](\S*)$/", $tag, $matches))
{
$url = $this->GetInterWikiUrl($matches[1], $matches[2]);
}
// is this a wiki link?
elseif (preg_match("/^[A-Za-z0-9]+$/", $tag))
{
if ($_SESSION["linktracking"] && $track) $this->TrackLinkTo($tag);
$linkedPage = $this->LoadPage($tag);
// return ($linkedPage ? "<a href=\"".$this->Href($method, $linkedPage['tag'])."\">".$text."</a>" : "<span class=\"missingpage\">".$text."</span><a href=\"".$this->Href("edit", $tag)."\" title=\"Create this page\">?</a>");
return ($linkedPage ? "<a href=\"".$this->Href($method, $linkedPage['tag'])."\" title=\"$title\">".$text."</a>" : "<a href=\"".$this->Href("edit", $tag)."\" title=\"Create this page\"><span class=\"missingpage\">".$text."</span></a>");
}
elseif (preg_match("/^(http|https|ftp):\/\/([^\\s\"<>]+)$/", $tag))
{
$url = $tag; // this is a valid external URL
}
// is this a full link? ie, does it contain alpha-numeric characters?
?>
2. formatters/wakka.php
2.1 // interwiki links! section - change line that does the matching as follows:
2.2 preg_replace_callback() - change this (near the end):
<?php
"\b[A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+[:]([A-Z,a-z,0-9,ÄÖÜ,ßäöü]*)\b|".
?>
into this:
<?php
"\b[A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+[:]\S*\b|".
?>
Explanation: in general (apart from the changed evaluation order - correct in wakka.php but incorrect in wikka.php) we simply allow any character that is not whitespace: somewhat lenient, but the allowable characters in a URL are quite a large set and partially dependent on which part of the URL they occur in; allowing simply non-whitespace is a reasonable shortcut, IMO.
Note that fix 1. will already work for forced Interwiki links; the two parts of fix 2. are needed as well (both together) to make it work for Interwiki links simply inserted as text (as in David's example).
-- JavaWoman
Fixed in Wikka 1.1.5.4 and above. Thanks for pointing this out. -- JsnX
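The two formatter patterns from fix 2.2 and the Link() pattern from fix 1, run side by side over constructed sample text (an added example, not Wikka's own code). The `interwiki_anchor()` helper and the `https://wiki.example/` base URL are hypothetical; they show that, because `\S*` also admits `"`, `<` and `>`, whatever builds the link has to escape the captured part for the HTML attribute it lands in.

```php
<?php
// Added example, not Wikka code. The three patterns are copied from the page;
// the sample text, the helper names and the base URL are constructed.
$old  = '/\b[A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+[:]([A-Z,a-z,0-9,ÄÖÜ,ßäöü]*)\b/';
$new  = '/\b[A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+[:]\S*\b/';
$link = '/^([A-Z,ÄÖÜ][A-Z,a-z,ÄÖÜ,ßäöü]+)[:](\S*)$/';   // Link() pattern, fix 1

// Text a formatter pattern would pick out of running prose, or null.
function first_match(string $pattern, string $text): ?string
{
    return preg_match($pattern, $text, $m) === 1 ? $m[0] : null;
}

// Hypothetical stand-in for the code that emits the anchor: the part after
// the colon is appended to a base URL, then escaped for the href attribute.
function interwiki_anchor(string $base, string $tag, string $pattern): ?string
{
    if (preg_match($pattern, $tag, $m) !== 1) {
        return null;
    }
    $href  = htmlspecialchars($base . $m[2], ENT_QUOTES, 'UTF-8');
    $label = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . $label . '</a>';
}

// Constructed sample lines.
$samples = [
    'see WikiPedia:CamelCase for details',
    'see WikiPedia:Albert_Einstein for details',
    'ends a sentence with WikiPedia:Albert_Einstein.',
    'WikiPedia:Albert"Einstein',
];

foreach ($samples as $text) {
    $hit = first_match($new, $text);
    echo "text: $text\n";
    echo "  old pattern: ", var_export(first_match($old, $text), true), "\n";
    echo "  new pattern: ", var_export($hit, true), "\n";
    if ($hit !== null) {
        echo "  anchor:      ", interwiki_anchor('https://wiki.example/', $hit, $link), "\n";
    }
}
```

With the old pattern the trailing `\b` cannot fall between `t` and `_`, so the match shrinks back to the colon; with the new one the whole name is taken and a sentence-ending period is still left out.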
Password change problem
If spaces are entered on passwords, it does not work and no feedback is given to users. I tried on the "Change Password" part, not on the new user registration. --DavidCollantes
Simple fix:
Around line 96 in actions/usersettings.php change this:
<?php
if (isset($error))
{
print("<tr><td></td><td><div class=\"error\">".$this->Format($passerror)."</div></td></tr>\n");
}
?>
to this:
<?php
if (isset($passerror))
{
print("<tr><td></td><td><div class=\"error\">".$this->Format($passerror)."</div></td></tr>\n");
}
?>
-- JavaWoman
Yup. Thanks for pointing this out. Fixed in Wikka 1.1.5.4 and above. -- JsnX
Security bug in UserSettings (minor)
[Moved this back up again and edited since as of 1.1.5.3 it's only half fixed: only one of the assignments has been changed into a comparison operator. Sorry, I should have noticed before]
The file actions/usersettings.php contains a function for a logged in user to change their password; looking at the code, the apparent intention is to verify the user's current password before accepting the new one:
Line 35:
<?php ...
else if (($user["password"] = md5($_POST["oldpass"])) || ($user["password"] == $_POST["oldpass"]))
?>
Unfortunately, this test always succeeds since it does an assignment instead of a comparison - and since the boolean operator is OR (||) it doesn't matter if the second term is (now) a comparison: just the single assignment in the first term will make it always evaluate as TRUE. This presents a security risk in (semi) public situations where someone might "take over" a logged-in user's account. The code should be corrected as:
<?php ...
else if (($user["password"] == md5($_POST["oldpass"])) || ($user["password"] == $_POST["oldpass"]))
?>
-- JavaWoman
Fixed in Wikka 1.1.5.4 and above. Thanks for pointing this out. -- JsnX
Code formatters and smart titles
Something dodgy has been done to this site's header.php. The code to extract document titles from the downloaded version is MUCH different from what you are showing here. Take a look at the document titles on HtmlAreaEditing and GmBowen. That's code in there! What's going on?
This issue has been addressed in 1.1.5.1 via Mod040fSmartPageTitles. However the regex pattern needs to be refined to avoid code samples (e.g. GmBowen)
The issue of code formatters has been addressed in 1.1.5.3 -- DarTar
XHTML not valid
Also in actions/usersettings.php: the state for "on" checkboxes is generated as 'checked'; to be valid XHTML such a boolean attribute needs to be written as 'checked="checked"'.
JavaWoman
Both bugs are now fixed, and will be in the next release. Thanks! - JsnX
I've discovered a weird sort of bug. When I attempt to create a page whose name contains the string CategoriesExplained, I get a 403 error on wikka.php (no re-writing enabled) when I attempt to preview or store this information. I was trying to create a page named WikiCategoriesExplained on my site (attempting to replace the irritatingly named WikiCategory). I've managed to replicate this bug on this site (click CategoriesExplained here then click Preview). -- Sam
It's not really a Wikka bug. Edit the .htaccess in your root Wikka directory. Remove the word sex from within the line that starts with 'SetEnvIfNoCase'. I've taken care of this for the next release. - JsnX
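For the UserSettings password check reported further up this page, the quoted line-35 condition next to the corrected one, run against a constructed user record (an added example, not Wikka's own code). The function names and `check_strict()` are assumptions: the strict variant uses PHP's `hash_equals()` and compares against the hash only, dropping the second OR term.

```php
<?php
// Added example: constructed user record and inputs, not Wikka's own code.
// MD5 is kept only to mirror the page; password_hash()/password_verify()
// are PHP's current API for storing and checking passwords.

// Condition as quoted from line 35: the first term assigns, so the stored
// hash is overwritten and the non-empty md5 string is always truthy.
function check_as_shipped(array &$user, string $oldpass): bool
{
    if (($user["password"] = md5($oldpass)) || ($user["password"] == $oldpass)) {
        return true;
    }
    return false;
}

// Corrected condition from the page: both terms compare.
function check_corrected(array $user, string $oldpass): bool
{
    return ($user["password"] == md5($oldpass)) || ($user["password"] == $oldpass);
}

// Stricter variant (an assumption, not from the page): hash_equals() is a
// constant-time string comparison with no type juggling, hash only.
function check_strict(array $user, string $oldpass): bool
{
    return hash_equals($user["password"], md5($oldpass));
}

$stored = md5("correct horse");   // constructed stored hash

foreach (["correct horse", "not the password"] as $attempt) {
    $user      = ["password" => $stored];
    $corrected = check_corrected($user, $attempt);
    $strict    = check_strict($user, $attempt);
    $shipped   = check_as_shipped($user, $attempt);   // run last: it mutates $user

    printf(
        "%-18s shipped=%s corrected=%s strict=%s stored_hash_overwritten=%s\n",
        $attempt,
        var_export($shipped, true),
        var_export($corrected, true),
        var_export($strict, true),
        var_export($user["password"] !== $stored, true)
    );
}
```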
2) The WantedPages page uses the linking_to query-string. The character preceding this should be a "?" if URL re-writing is enabled, but a "&" if not. For example, if I use the default wikka.php?wikka=WantedPages?linking_to=TestMe, this will attempt to create a new page. This bug may be already addressed at Mod032bModRewrite, but frankly, I can't understand it.
$text = preg_replace("/\n[ ]{4}/", "\n\t", $text);
then program listings with levels indented four and more times will be rendered correctly again.
Yes! (You can try to disable mod_rewrite by commenting the corresponding LoadModule in httpd.conf)
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
Version Wikka Wakka Wiki 1.0.4:
bug in redesigned acl-handling?
am i wrong or does the $wakka->hasaccess routine (v. 1.1.3) only check the user-rights against the present page, regardless if the parameter $tag is set or not? i haven't had a closer look, but as i understood, the check against $this->acls[$privilege."_acl"] only returns the right value, if $tag == $this->tag and else should be passed over to the loadacl-function as wakka did. -- DreckFehler
formatters don't care about diff-tags
none of the formatters which are triggered by the %%double-percent tag%% observes the tags that are inserted by the diff-engine, although the main-formatter wakka.php delegates all rendering to these formatters. an example is shown here: http://wikka.jsnx.com/FeedbackAction/diff?a=828&b=792 just search for "pound" or "++" on that page. in most cases this issue can be solved by a simple str_replace. an exception is the php-highlighter. see the link below for a solution. but fixing that problem raises another! i'm unhappy with the "++" tag used by the diff-engine to mark deletions. the double-plus is also the increment operator of php (and other languages) and can't be distinguished from the diff-tags. this problem is addressed in the following sample code too: http://mindwiki.de/wikka_bug_-_formatters_to_care_about_diff-engine/diff?a=387&b=384 that page might be an example what this bugfix is good for, but it also shows up the limits. naturally the sample-code contains those diff-tags which it is dealing with. that obviously screws up the diff-engine again. so take care not only to paste-n-copy the code snippets from the link above ;)
Problem with newpage action
On CreateNewPage...If you click on the button to create a page when there is nothing in the text box you are still taken to a new page asking you if you want to edit the new page....the code really needs a check to make sure there is text in the box. -- Mike (aka GmBowen)
It should be:
<?php
// author: costal martignier
// description: creates a page
// parameters: none
// license: GPL
// email: wakkaactions@martignier.net
// url: http://knowledge.martignier.net
if ($_POST['submitted'] == true && $_POST['pagename'] != '')
{
    $pagename = $_POST['pagename'];
    $url = $this->config['base_url'];
    $this->redirect($url.$pagename."/edit");
}
else
{
    echo '<br />';
    echo '<form action="" method="post">
    <input type="hidden" name="submitted" value="true" />
    <input type="text" name="pagename" size="50"/>
    <input type="submit" value="Create and Edit" />
    </form>';
}
?>
CategoryDevelopment