Menu
▾
▴
Re: [Phpwiki-talk] possible cache corruption in lib/WikiDB.php
|
From: Reini U. <ru...@x-...> - 2005-01-13 13:18:25
|
Charles Corrigan schrieb: > I am looking into the security problems that I (and others) have reported > with security (owners, permissions) on pages when using a MySQL database. > > The specific test case that I have is > pre-condition - brand new/freshly created database > 1 - login as administrator > 2 - go to /PhpWikiAdministration/Chown > 3 - select page RichTablePlugin (as it is owned by ReiniUrban and not by > the administrator) > 4 - click "Chown Selected Pages" > 5 - confirm > 6 - go to /RichTablePlugin to see that the owner has been changed > 7 - go back to /PhpWikiAdministration/Chown and see that RichTablePlugin > is apparently owned by ReiniUrban > 8 - go to /RichTablePlugin to see that RichTablePlugin is apparently owned > by the administrator > 9 - go back to /PhpWikiAdministration/Chown change the owner of > RichTablePlugin to the administrator again - but this time nothing happens > > It appears that during the population of the cache with all of the pages > for the PageList, the cache or the intermediate data that is put into the > cache is corrupted, somewhere between > WikiDB_cache->get_versiondata() - line 2051 > and the return from this into > WikiDB_page->getRevision() - line 1123 > > I am using the dbg debugger under phpeclipse so the specific location of > the error report may be an artefact of the tools that I am using. > However, I have repeated this test case in several different environments > with different versions of php, apache and mysql, running both on Unix and > on Windows. yep, I know. It's on my todo list also. * pagedata_cache on PageGroupTest/subpage wrong PhpWikiAdmin/Chown owner display Maybe you'll find it. I'm quite busy with another project. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
