Posted to dev@jspwiki.apache.org by Florian Holeczek <fl...@holeczek.de> on 2008/03/13 14:10:06 UTC

bug in ACL handling?

Hi there,

I've just seen that the Main page on jspwiki.org had been edited by
someone who wasn't mentioned in the allow edit block... how could
this happen?

Regards,
 Florian

Re: bug in ACL handling?

Posted by Janne Jalkanen <Ja...@ecyrd.com>.
> So at the same time, the user "vijendrayadav" was renaming a page?

Yup.  Got the reason too - if you go "back" when you've done a  
rename, and try the rename again, it destroys the Main page.

It's fixed in 2.6.2-svn-6 now.

> Or does this bug insert an arbitrary user as the author?

No, but once the page is empty, you can of course do whatever you want.

/Janne

Re: bug in ACL handling?

Posted by Florian Holeczek <fl...@holeczek.de>.
> Ah.  Figured it out.  It's the "Rename sometimes empties pages" bug.
> The page was emptied by accident during rename operation, which clears
> the ACL (obviously), which in turn allows people to edit it.

So at the same time, the user "vijendrayadav" was renaming a page?
Or does this bug insert an arbitrary user as the author?

> I roughly know what the problem is, but I seem to be unable to
> replicate it.  If I could, then it would be a lot easier to debug...

Really weird!
What about inserting some log messages in places where you may expect
the bug to occur?

Regards,
 Florian

Re: bug in ACL handling?

Posted by Janne Jalkanen <ja...@iki.fi>.
> > I've just seen that the Main page on jspwiki.org had been edited by
> > someone who wasn't mentioned in the allow edit block... how could
> > this happen?
> 
> I don't really know, and the log files are inconclusive.

Ah.  Figured it out.  It's the "Rename sometimes empties pages" bug.
The page was emptied by accident during rename operation, which clears
the ACL (obviously), which in turn allows people to edit it.

I roughly know what the problem is, but I seem to be unable to
replicate it.  If I could, then it would be a lot easier to debug...

/Janne
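
The failure described in the message above, as an added example that is not part of the original thread and is not JSPWiki's own code: when the ACL lives inside the page text, emptying the text removes the restriction, so a content-preserving operation such as rename should refuse any write that drops it. Assumptions: the `[{ALLOW edit ...}]` markup, the rule that a page with no entry is open to every user, the helper names (`parse_acl`, `may`, `acl_regressions`, `safe_write`) and the sample page and users are all constructed for illustration.

```python
import re

# Assumed in-page ACL markup, modelled on JSPWiki's "[{ALLOW edit Name, Name}]".
ACL_RE = re.compile(r"\[\{\s*ALLOW\s+(\w+)\s+([^}]+?)\s*\}\]", re.IGNORECASE)


def parse_acl(text):
    """Return {permission: set(principals)} for ACL entries embedded in page text."""
    acl = {}
    for perm, names in ACL_RE.findall(text):
        principals = {n.strip() for n in names.split(",") if n.strip()}
        acl.setdefault(perm.lower(), set()).update(principals)
    return acl


def may(user, perm, text):
    """Model assumption: a page with no entry for `perm` is open to every user."""
    allowed = parse_acl(text).get(perm)
    return allowed is None or user in allowed


def acl_regressions(old_text, new_text):
    """Permissions restricted in old_text that are unrestricted in new_text."""
    old_acl, new_acl = parse_acl(old_text), parse_acl(new_text)
    return sorted(p for p in old_acl if p not in new_acl)


def safe_write(store, name, new_text, *, internal_op):
    """Store new_text, but refuse an internal operation (such as a rename
    fix-up) whose result would silently drop the page's ACL."""
    lost = acl_regressions(store.get(name, ""), new_text)
    if internal_op and lost:
        raise ValueError(f"{name}: write would drop ACL for {lost}")
    store[name] = new_text


# Constructed sample page and users (not taken from jspwiki.org).
MAIN = "[{ALLOW edit Alice, Bob}]\nWelcome to the wiki."

if __name__ == "__main__":
    print(may("Mallory", "edit", MAIN))   # restricted while the ACL line exists
    print(may("Mallory", "edit", ""))     # emptied page: restriction is gone
    store = {"Main": MAIN}
    try:
        safe_write(store, "Main", "", internal_op=True)
    except ValueError as err:
        print("blocked:", err)
```
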

Re: bug in ACL handling?

Posted by Janne Jalkanen <ja...@iki.fi>.
> I've just seen that the Main page on jspwiki.org had been edited by
> someone who wasn't mentioned in the allow edit block... how could
> this happen?

I don't really know, and the log files are inconclusive.

But I did find an "Administrator" account in the ACL - and we don't
have one.  So it could be that there's a problem if there are pages
that have non-existent account names.

It should not have happened in the first case anyway.

/Janne