Forum OpenACS Development: Re: Re: XoWiki 0.30

9: Re: Re: XoWiki 0.30 (response to 8)
Posted by Dave Bauer on
One other issue.

If you do not use subst_blank_in_name and allow spaces in names and URLs, there is a bug around line 548 in xowiki-procs.tcl:

    if {$granted} {
      if {[$object istype ::xowiki::Package]} {
        set base [$package_id package_url]
        if {[info exists url]} {
          return [uplevel export_vars -base $base$url [list $args]]
        } else {
          lappend args [list $method 1]
          return [uplevel export_vars -base $base [list $args]]
        }
      } elseif {[$object istype ::xowiki::Page]} {
        set base [$package_id url]
        lappend args [list m $method]
        return [uplevel export_vars -base $base [list $args]]
      }

I changed the $base variable reference to \"$base\" to quote the value of $base (also did $base$url).

There is still an issue when creating the edit form if you use the [ or ] characters in the name: it is trying to execute it as a Tcl proc. I could not figure out where to apply the proper escaping in that.

We probably should disallow [ and ] in names/urls anyway, but someone might also use it in a title, and the same issue occurs.
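
Added example, not part of the post above or of the XoWiki source: a stand-alone tclsh script showing why the `uplevel export_vars -base $base ...` pattern re-parses the page name, comparing the posted form, the `\"$base\"` change, and a command built with `[list]`. `fake_export_vars`, `probe`, the three `link_*` procs and the sample names are hypothetical and constructed for this illustration.

```tcl
# fake_export_vars is a hypothetical stand-in for OpenACS export_vars: it only
# reports how many words it received and what the -base value was.
proc fake_export_vars {args} {
    if {[llength $args] != 3 || [lindex $args 0] ne "-base"} {
        return "BROKEN: [llength $args] words: $args"
    }
    return "base=<[lindex $args 1]>"
}

# Harmless marker command; if it runs, the name was evaluated as Tcl code.
proc probe {} { set ::probe_ran 1; return EVALUATED }

# As posted: uplevel concatenates its arguments and re-parses the result.
proc link_unquoted {base vars} {
    return [uplevel fake_export_vars -base $base [list $vars]]
}
# With the \"$base\" change: spaces survive, brackets are still substituted.
proc link_quoted {base vars} {
    return [uplevel fake_export_vars -base \"$base\" [list $vars]]
}
# Whole command built with [list]: each value stays one literal word.
proc link_listed {base vars} {
    return [uplevel 1 [list fake_export_vars -base $base $vars]]
}

# Constructed sample names: plain, with a space, with brackets.
foreach name {/wiki/plain {/wiki/my page} {/wiki/a[probe]b}} {
    foreach variant {link_unquoted link_quoted link_listed} {
        set ::probe_ran 0
        set out [$variant $name {{m edit}}]
        puts [format "%-14s %-18s -> %s (probe ran: %d)" \
                  $variant $name $out $::probe_ran]
    }
}
```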