[Phpwiki-talk] possible cache corruption in lib/WikiDB.php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I am looking into the security problems that I (and others) have reported
with security (owners, permissions) on pages when using a MySQL database.

The specific test case that I have is
pre-condition - brand new/freshly created database
1 - login as administrator
2 - go to /PhpWikiAdministration/Chown
3 - select page RichTablePlugin (as it is owned by ReiniUrban and not by
the administrator)
4 - click "Chown Selected Pages"
5 - confirm
6 - go to /RichTablePlugin to see that the owner has been changed
7 - go back to /PhpWikiAdministration/Chown and see that RichTablePlugin
is apparently owned by ReiniUrban
8 - go to /RichTablePlugin to see that RichTablePlugin is apparently owned
by the administrator
9 - go back to /PhpWikiAdministration/Chown change the owner of
RichTablePlugin to the administrator again - but this time nothing happens

It appears that during the population of the cache with all of the pages
for the PageList, the cache or the intermediate data that is put into the
cache is corrupted, somewhere between
    WikiDB_cache->get_versiondata() - line 2051
and the return from this into
    WikiDB_page->getRevision() - line 1123

I am using the dbg debugger under phpeclipse so the specific location of
the error report may be an artefact of the tools that I am using. 
However, I have repeated this test case in several different environments
with different versions of php, apache and mysql, running both on Unix and
on Windows.

regards,
Charles