Author: KennethLavrsen Date: 2007-02-01 19:32:52 -0600 (Thu, 01 Feb 2007) New Revision: 12712 Added: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/TempfileDir.pm Removed: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/PassthroughDir.pm twiki/branches/MAIN/lib/TWiki/Configure/Checkers/Sessions/Dir.pm Modified: twiki/branches/MAIN/lib/TWiki.pm twiki/branches/MAIN/lib/TWiki.spec twiki/branches/MAIN/lib/TWiki/Client.pm twiki/branches/MAIN/tools/MANIFEST twiki/branches/MAIN/twikiplugins/UserInfoPlugin/lib/TWiki/Plugins/UserInfoPlugin/Core.pm Log: Item3547: The $TWiki::cfg{Sessions}{Dir} and $TWiki::cfg{PassthroughDir} are replaced by a new $TWiki::cfg{TempfileDir} which defaults to /tmp/twiki Modified: twiki/branches/MAIN/lib/TWiki/Client.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-01 18:15:07 UTC (rev 12711) +++ twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-02 01:32:52 UTC (rev 12712) @@ -181,7 +181,7 @@ return undef unless $ip; # no IP address, can't map my %ips; - if( open( IPMAP, '<', $TWiki::cfg{Sessions}{Dir}.'/ip2sid' )) { + if( open( IPMAP, '<', $TWiki::cfg{TempfileDir}.'/ip2sid' )) { local $/ = undef; %ips = map { split( /:/, $_ ) } split( /\r?\n/, <IPMAP> ); close(IPMAP); @@ -189,7 +189,7 @@ if( $sid ) { # known SID, map the IP addr to it $ips{$ip} = $sid; - open( IPMAP, '>', $TWiki::cfg{Sessions}{Dir}.'/ip2sid') || + open( IPMAP, '>', $TWiki::cfg{TempfileDir}.'/ip2sid') || die "Failed to open ip2sid map for write. Ask your administrator to make sure that the {Sessions}{Dir} is writable by the webserver user."; print IPMAP map { "$_:$ips{$_}\n" } keys %ips; close(IPMAP); 
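Review bot: The `die` text in the write branch of the `@@ -189,7` hunk still tells the administrator to fix `{Sessions}{Dir}`, a setting this commit removes; it should name the new key, e.g. `die "Failed to open ip2sid map for write. Ask your administrator to make sure that the {TempfileDir} is writable by the webserver user.";`. The same branch truncates and rewrites `ip2sid` through a plain `'>'` open with no lock visible in the hunk, so two requests arriving together can drop each other's IP-to-session entries. A lock held across the read and the rewrite (for example `flock` on a separate lock file) would avoid that. The enclosing sub starts and ends outside the hunk.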
@@ -246,18 +246,18 @@ my $sid = _IP2SID(); if( $sid ) { $this->{_cgisession} = CGI::Session->new( - undef, $sid, { Directory => $TWiki::cfg{Sessions}{Dir} } ); + undef, $sid, { Directory => $TWiki::cfg{TempfileDir} } ); } else { $this->{_cgisession} = CGI::Session->new( undef, undef, - { Directory => $TWiki::cfg{Sessions}{Dir} } ); + { Directory => $TWiki::cfg{TempfileDir} } ); _trace($this, "New IP2SID session"); _IP2SID( $this->{_cgisession}->id() ); } } else { $this->{_cgisession} = CGI::Session->new( undef, $query, - { Directory => $TWiki::cfg{Sessions}{Dir} } ); + { Directory => $TWiki::cfg{TempfileDir} } ); } die CGI::Session->errstr() unless $this->{_cgisession}; @@ -375,10 +375,10 @@ my $exp = $TWiki::cfg{Sessions}{ExpireAfter} || 36000; # 10 hours $exp = -$exp if $exp < 0; - opendir(D, $TWiki::cfg{Sessions}{Dir}) || return; + opendir(D, $TWiki::cfg{TempfileDir}) || return; foreach my $file ( grep { /^(passthru|cgisess)_[0-9a-f]{32}/ } readdir(D) ) { $file = TWiki::Sandbox::untaintUnchecked( - $TWiki::cfg{Sessions}{Dir}.'/'.$file ); + $TWiki::cfg{TempfileDir}.'/'.$file ); my @stat = stat( $file ); # CGI::Session updates the session file each time a browser views a # topic setting the access and expiry time as values in the file. This @@ -418,7 +418,7 @@ $this->{_cgisession} = CGI::Session->new( undef, $twiki->{cgiQuery}, - { Directory => $TWiki::cfg{Sessions}{Dir} } ); + { Directory => $TWiki::cfg{TempfileDir} } ); die CGI::Session->errstr() unless $this->{_cgisession}; } } Deleted: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/PassthroughDir.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/Configure/Checkers/PassthroughDir.pm 2007-02-01 18:15:07 UTC (rev 12711) +++ twiki/branches/MAIN/lib/TWiki/Configure/Checkers/PassthroughDir.pm 2007-02-02 01:32:52 UTC (rev 12712) 
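Review bot: The filter in the `@@ -375,10` hunk, `/^(passthru|cgisess)_[0-9a-f]{32}/`, is not anchored at the end, so any name in the shared `{TempfileDir}` that merely starts with that prefix is selected and then passed through `untaintUnchecked`. Anchoring it, `grep { /^(passthru|cgisess)_[0-9a-f]{32}\z/ } readdir(D)`, limits the expiry pass to names of the expected form; presumably that is the only form the session and passthrough writers produce, which should be confirmed before tightening. `opendir(D, ...) || return` also skips expiry silently when the directory is missing or unreadable, which a log line would make visible. The loop body continues outside the hunk.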
@@ -1,36 +0,0 @@
-#
-# TWiki Enterprise Collaboration Platform, http://TWiki.org/
-#
-# Copyright (C) 2000-2006 TWiki Contributors.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version. For
-# more details read LICENSE in the root of this distribution.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-#
-# As per the GPL, removal of this notice is prohibited.
-package TWiki::Configure::Checkers::PassthroughDir;
-
-use strict;
-
-use TWiki::Configure::Checker;
-
-use base 'TWiki::Configure::Checker';
-
-sub check {
- my $this = shift;
-
- my $e = '';
- unless( -d $TWiki::cfg{PassthroughDir}) {
- my $e2 = $this->checkTreePerms( $TWiki::cfg{PassthroughDir}, 'rw' );
- $e .= $this->ERROR($e2) if $e2;
- }
- return $e;
-}
-
-1;
Deleted: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/Sessions/Dir.pm
===================================================================
--- twiki/branches/MAIN/lib/TWiki/Configure/Checkers/Sessions/Dir.pm 2007-02-01 18:15:07 UTC (rev 12711)
+++ twiki/branches/MAIN/lib/TWiki/Configure/Checkers/Sessions/Dir.pm 2007-02-02 01:32:52 UTC (rev 12712)
@@ -1,38 +0,0 @@
-#
-# TWiki Enterprise Collaboration Platform, http://TWiki.org/
-#
-# Copyright (C) 2000-2006 TWiki Contributors.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version. For
-# more details read LICENSE in the root of this distribution.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-#
-# As per the GPL, removal of this notice is prohibited.
-package TWiki::Configure::Checkers::Sessions::Dir;
-
-use strict;
-
-use TWiki::Configure::Checker;
-
-use base 'TWiki::Configure::Checker';
-
-sub check {
- my $this = shift;
-
- return '' unless $TWiki::cfg{UseClientSessions};
-
- my $e = '';
- unless( -d $TWiki::cfg{Sessions}{Dir}) {
- my $e2 = $this->checkTreePerms( $TWiki::cfg{Sessions}{Dir}, 'rw' );
- $e .= $this->WARN($e2) if $e2;
- }
- return $e;
-}
-
-1;
Added: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/TempfileDir.pm
===================================================================
--- twiki/branches/MAIN/lib/TWiki/Configure/Checkers/TempfileDir.pm 2007-02-01 18:15:07 UTC (rev 12711)
+++ twiki/branches/MAIN/lib/TWiki/Configure/Checkers/TempfileDir.pm 2007-02-02 01:32:52 UTC (rev 12712)
@@ -0,0 +1,36 @@
+#
+# TWiki Enterprise Collaboration Platform, http://TWiki.org/
+#
+# Copyright (C) 2000-2006 TWiki Contributors.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version. For
+# more details read LICENSE in the root of this distribution.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# As per the GPL, removal of this notice is prohibited.
+package TWiki::Configure::Checkers::TempfileDir;
+
+use strict;
+
+use TWiki::Configure::Checker;
+
+use base 'TWiki::Configure::Checker';
+
+sub check {
+ my $this = shift;
+
+ my $e = '';
+ unless( -d $TWiki::cfg{TempfileDir}) {
+ my $e2 = $this->checkTreePerms( $TWiki::cfg{TempfileDir}, 'rw' );
+ $e .= $this->ERROR($e2) if $e2;
+ }
+ return $e;
+}
+
+1;
Property changes on: twiki/branches/MAIN/lib/TWiki/Configure/Checkers/TempfileDir.pm
___________________________________________________________________
Name: svn:executable
+ *
Modified: twiki/branches/MAIN/lib/TWiki.pm
===================================================================
--- twiki/branches/MAIN/lib/TWiki.pm 2007-02-01 18:15:07 UTC (rev 12711)
+++ twiki/branches/MAIN/lib/TWiki.pm 2007-02-02 01:32:52 UTC (rev 12712)
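Review bot: In the new TempfileDir.pm, `check` calls `checkTreePerms` only when `-d $TWiki::cfg{TempfileDir}` is false, so a directory that already exists is never examined. With the default under `/tmp` and the spec text asking that only the web server user can create files there, the existing-directory case is the one that matters: a `/tmp/twiki` that exists with another owner or a loose mode would pass configure without a message. Consider moving `my $e2 = $this->checkTreePerms( $TWiki::cfg{TempfileDir}, 'rw' );` out of the `unless` so it always runs, and reporting a group- or world-writable directory; what `checkTreePerms` itself covers is not visible here. The condition was carried over unchanged from the two deleted checkers, and the sub has no comment stating what it verifies.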
@@ -778,8 +778,8 @@ require Digest::MD5; my $md5 = new Digest::MD5(); $md5->add($$, time(), rand(time)); - my $uid = $TWiki::cfg{PassthroughDir}.'/passthru_'.$md5->hexdigest(); - open(F, ">$uid") || die "{PassthroughDir} cache not writable $!"; + my $uid = $TWiki::cfg{TempfileDir}.'/passthru_'.$md5->hexdigest(); + open(F, ">$uid") || die "{TempfileDir} cache not writable $!"; $query->save(\*F); close(F); return 'twiki_redirect_cache='.$uid; Modified: twiki/branches/MAIN/lib/TWiki.spec =================================================================== --- twiki/branches/MAIN/lib/TWiki.spec 2007-02-01 18:15:07 UTC (rev 12711) +++ twiki/branches/MAIN/lib/TWiki.spec 2007-02-02 01:32:52 UTC (rev 12712) @@ -120,13 +120,16 @@ # $TWiki::cfg{LocalesDir} = '/home/httpd/twiki/po'; # **PATH M** -# Directory where passthrough files used by twiki are stored. Passthrough files -# are used by TWiki to work around the limitations of HTTP. +# Directory where temporary files used by twiki are stored. +# Passthrough files are used by TWiki to work around the limitations of HTTP and +# session files (when enabled) which are files used to record data about active +# users - for example, whether they are logged in or not. # <b>Security Note:</b> The directory must <b>not</b> be # browseable from the web, otherwise it could be used to intercept parameters -# used when someone logs in! Additionally it is recommended to setup access rights -# to this directory so only the web server user can create files. -$TWiki::cfg{PassthroughDir} = '/tmp/twiki'; +# used when someone logs in! Additionally it is recommended to setup access +# rights to this directory so only the web server user can create files. +# Otherwise it could be used to mount an attack on the server! +$TWiki::cfg{TempfileDir} = '/tmp/twiki'; # **STRING 10** # Suffix of TWiki CGI scripts (e.g. .cgi or .pl). You may need to set this 
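Review bot: In the TWiki.pm hunk the cache file is created with two-argument `open(F, ">$uid")`, which follows an existing symlink, truncates an existing file and leaves the mode to the process umask. The file holds the saved query, and the spec comment in this same commit says those parameters can include what is sent at login, so creation should be exclusive and owner-only: `sysopen(F, $uid, O_WRONLY|O_CREAT|O_EXCL, 0600) || die "{TempfileDir} cache not writable $!";` with `use Fcntl;` (whether Fcntl is already loaded in TWiki.pm is not visible). The name is built from `$$`, `time()` and `rand(time)`, none of which is an unpredictable input, which is a further reason to fail on an existing name rather than reuse it. The enclosing sub starts and ends outside the hunk.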
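Review bot: The rewritten comment above `$TWiki::cfg{TempfileDir}` in TWiki.spec runs two ideas into one sentence ("Passthrough files are used ... and session files (when enabled) which are files used to record ...") and is hard to parse. Suggested wording: `# Directory where TWiki stores temporary files: passthrough files (used to work around the limitations of HTTP) and, when sessions are enabled, session files that record data about active users.` Because the default remains `/tmp/twiki`, the Security Note could also state the expected ownership explicitly, e.g. `# The directory should be owned by the web server user and not be readable or writable by other local accounts.`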
@@ -160,19 +163,10 @@ # be able to remember logged-in users consistently. # # See TWiki.TWikiUserAuthentication for a full discussion of the pros and -# cons of using persistent sessions. +# cons of using persistent sessions. Session files are stored in the +# {TempfileDir}. $TWiki::cfg{UseClientSessions} = 1; -# **STRING 100** -# Absolute file path of the directory in which session files -# are stored. Session files are files used to record data about active -# users - for example, whether they are logged in or not. -# <b>Security Note:</b> The directory must <b>not</b> be -# browseable from the web, otherwise it could be used to mount an attack on -# the server! Additionally it is recommended to setup access rights -# to this directory so only the web server user can create files. -$TWiki::cfg{Sessions}{Dir} = '/tmp/twiki'; - # **STRING 20 EXPERT** # Set the session timeout, in seconds. The session will be cleared after this # amount of time without the session being accessed. The default is 6 hours @@ -215,7 +209,7 @@ # client IP addresses are known to be unique. # If this option is enabled, TWiki will <b>not</b> store cookies in the # browser. -# The mapping is held in the file $TWiki::cfg{Sessions}{Dir}/ip2sid. If you turn +# The mapping is held in the file $TWiki::cfg{TempfileDir}/ip2sid. If you turn # this option on, you can safely turn {Sessions}{IDsInURLs} <i>off</i>. $TWiki::cfg{Sessions}{MapIP2SID} = 0; Modified: twiki/branches/MAIN/tools/MANIFEST =================================================================== --- twiki/branches/MAIN/tools/MANIFEST 2007-02-01 18:15:07 UTC (rev 12711) +++ twiki/branches/MAIN/tools/MANIFEST 2007-02-02 01:32:52 UTC (rev 12712) 
@@ -445,7 +445,7 @@ lib/TWiki/Configure/Checkers/MinPasswordLength.pm 0444 lib/TWiki/Configure/Checkers/NameFilter.pm 0444 lib/TWiki/Configure/Checkers/OS.pm 0444 -lib/TWiki/Configure/Checkers/PassthroughDir.pm 0444 +lib/TWiki/Configure/Checkers/TempfileDir.pm 0444 lib/TWiki/Configure/Checkers/PubDir.pm 0444 lib/TWiki/Configure/Checkers/PubUrlPath.pm 0444 lib/TWiki/Configure/Checkers/RCS/asciiFileSuffixes.pm 0444 @@ -469,7 +469,6 @@ lib/TWiki/Configure/Checkers/RegistrationApprovals.pm 0444 lib/TWiki/Configure/Checkers/ScriptSuffix.pm 0444 lib/TWiki/Configure/Checkers/ScriptUrlPath.pm 0444 -lib/TWiki/Configure/Checkers/Sessions/Dir.pm 0444 lib/TWiki/Configure/Checkers/Sessions/ExpireAfter.pm 0444 lib/TWiki/Configure/Checkers/Site/CharSet.pm 0444 lib/TWiki/Configure/Checkers/Site/Locale.pm 0444 Modified: twiki/branches/MAIN/twikiplugins/UserInfoPlugin/lib/TWiki/Plugins/UserInfoPlugin/Core.pm =================================================================== --- twiki/branches/MAIN/twikiplugins/UserInfoPlugin/lib/TWiki/Plugins/UserInfoPlugin/Core.pm 2007-02-01 18:15:07 UTC (rev 12711) +++ twiki/branches/MAIN/twikiplugins/UserInfoPlugin/lib/TWiki/Plugins/UserInfoPlugin/Core.pm 2007-02-02 01:32:52 UTC (rev 12712) @@ -42,6 +42,7 @@ # figure out where the sessions are $this->{sessionDir} = + $TWiki::cfg{TempfileDir} || $TWiki::cfg{Sessions}{Dir} || &TWiki::Func::getDataDir() . "/.session"; if (! -e $this->{sessionDir}) { |
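Review bot: In the UserInfoPlugin Core.pm hunk, `{sessionDir}` now resolves to `{TempfileDir}`, which after this commit also holds `passthru_*` files and the `ip2sid` map, not only session files. How the plugin reads the directory is outside the hunk, but if it iterates over every entry it should restrict itself to session names, e.g. `grep { /^cgisess_[0-9a-f]{32}\z/ } readdir(...)`, so passthrough data is never parsed or shown as session state. A short comment on the fallback order would also help: `# {TempfileDir} (current), then {Sessions}{Dir} (older configs), then the data dir`.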