
Please take a look at: http://twiki.org/cgi-bin/view/Support/TWikiVer4x0x4FileAttachmentProblem

Crawford suggested raising the bug so I am doing it.

There are three things which IMHO should be addressed:

  • making sure that the script correctly sets RCS settings (e.g. ciCmd) in the LocalSite.cfg file - in our case we did not touch the original Cairo settings and anyhow we ended up with wrong (not compatible with Dakar) settings after performing the migration. There should be some statement in the TWiki upgrade guide, mentioning that RCS settings have been changed and now special flags %U, %D, etc. are used, so that people after migration take a look at their settings.
    • Can you (or anyone else) suggest where, and what it should say? CC
    • I see two possible places: TWikiUpgradeTo04x00x00 or TWikiUpgradeGuide. In the section starting with "There are a few points worth noting" of the latter topic, one could add: "Please observe that TWiki 4.0.4 uses a different security (sandbox) model than Cairo with regard to handling of RCS files, therefore RCS related settings (e.g. ciCmd) in the TWiki configuration file (now LocalSite.cfg, before TWiki.cfg) should be different. Now these settings should contain special flags (%U, %D), which let TWiki use RCS commands without causing security violations, which would lead to inability to version files. There were reported issues where the upgrade script did not set these settings correctly automatically." -- WojciechSeliga - 01 Sep 2006
  • security of using suggested %U flag with comment (-m option to ciCmd). Won't it allow malicious users to upload files with some forged comment containing shell operators (e.g. | >) which in turn would allow them to run something on the server side?
    • On most platforms, no, because safe pipes are used for execution. On Windows servers, depending on how they are set up, yes. CC
  • error handling: 4.0.4 silently accepts bad RCS settings (untainted variables) and just does nothing (or even worse: it effectively switches off versioning and overwrites existing files whenever anybody uploads something new). I think that the exception caught in RcsWrap.pm should somehow be propagated to the user
    • Agreed. Reverse engineering error handling onto the store is an ongoing nightmare. CC
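
The point about safe pipes and the %U flag in the exchange above, as an added example (written in Python for portability; it is not TWiki's Perl code and not part of the original report): the comment is substituted into an argument vector that no shell parses, and a template without flags raises an error instead of being silently accepted. The `%NAME|FLAG%` placeholder form, the validator rules, and the names `build_argv`, `run` and `TemplateError` are assumptions for illustration.

```python
import re
import subprocess

# Assumed placeholder form %NAME|FLAG%; the page itself only names the flags %U and %D.
PLACEHOLDER = re.compile(r"%(\w+)(?:\|(\w))?%")

# Per-flag validators: simplified assumptions, not TWiki's actual rules.
CHECKS = {
    "U": lambda v: True,  # accept any text
    "F": lambda v: re.fullmatch(r"[\w./]+", v) is not None and not v.startswith("-"),
    "D": lambda v: re.fullmatch(r"\d{4}/\d\d/\d\d", v) is not None,
}


class TemplateError(Exception):
    """Bad template or value: raised to the caller, never swallowed."""


def build_argv(template, params):
    """Expand a command template into an argument vector.
    Splitting happens before substitution, so a value can never add
    arguments, and no shell ever parses the result.
    """
    def substitute(match):
        name, flag = match.group(1), match.group(2)
        if flag not in CHECKS:
            raise TemplateError(f"%{name}% lacks a valid flag; check the command setting")
        if name not in params:
            raise TemplateError(f"no value supplied for %{name}|{flag}%")
        if not CHECKS[flag](params[name]):
            raise TemplateError(f"value for %{name}|{flag}% failed validation")
        return params[name]

    return [PLACEHOLDER.sub(substitute, token) for token in template.split()]


def run(template, params):
    """Execute the expanded command without a shell and return its stdout."""
    argv = build_argv(template, params)
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


# Constructed sample: a check-in comment carrying shell operators.
SAMPLE = {"COMMENT": "typo fix | echo injected > marker.txt", "FILENAME": "data/Topic.txt"}
# 'echo' stands in for the RCS ci binary so the example runs without RCS installed.
TEMPLATE = "echo -m%COMMENT|U% %FILENAME|F%"

if __name__ == "__main__":
    print(run(TEMPLATE, SAMPLE), end="")
```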


TWiki upgrade script is being deprecated, discarding this.

(Decision at TWiki:Codev.EdinburghReleaseMeeting2007x01x08).

-- SP

ItemTemplate
Summary RCS problems after an upgrade from Cairo to Dakar 4.0.4 using UpgradeTwiki script
ReportedBy TWiki:Main.WojciechSeliga
Codebase 4.0.4
SVN Range

AppliesTo Engine
Component

Priority Normal
CurrentState No Action Required
WaitingFor

Checkins

TargetRelease n/a
Topic revision: r5 - 2007-01-14 - SteffenPoulsen
 