Wiki Wiki Bugs Resolved

Items from WikiWikiBugs that have either been fixed or disproven.

This page is divided into Fixed, Arguable, and Not Bugs.


Fixed

You should not be able to go to this URL "http://c2.com/cgi/wiki?LinkPattern," (with the trailing comma). The trailing comma should invalidate the name. I suspect, since http://c2.com/cgi/wiki?FOO fails, you are currently checking if $page =~ /$LinkPattern/. However, this should be if $page =~ /^$LinkPattern$/. This is a minor bug because EditText correctly blocks the request. -- SunirShah [This seems to have been fixed.]


When a WikiName appears in the first paragraph of text, it is sometimes not rendered at all (see WikiInterchangeFormat for example). I also saw this a few weeks ago on WaterfallModel, where the token not rendered was 'WaterFall'. I thought the Perl script might be so emotional about WaterFall that it refused to render the token, which would be understandable. But this new example (above) convinces me it's a bug afterall, not just extreme attitude. -- WaldenMathews

This is a strange bug which may have been corrected by using slightly more verbose constructs in the perl implementation of the "is this page defined" check. Thanks go to CliffordAdams for divining this one. -- WardCunningham


SeshKumar has inadvertently found a security hole in the WikiWiki software. The bracketed links here allow JavaScript to be run. This can lead to attacks against unwitting users. JavaScript + wiki = bad. -- SunirShah

[The bracketed links feature was soon removed from this wiki to fix the above hole (see FixingLinks).]

On the contrary. I don't think that it is bad. It's a new feature towards a SmartWiki. I focussed this phenomenon in public for fairness, as soon as I noticed it. Ward has to make a decision, otherwise a new WikiEmigration (or WikiBrainDrain?) is on the way. -- FridemarPache

JavaScript is bad news. Keep in mind that JavaScript doesn't have a security bubble like a JVM theoretically does, so you can really screw with someone's computer. A SmartWiki by JavaScript is extremely evil. If you want an example of how this can fail badly, look at when ZWiki was SlashDotted recently. -- SunirShah

What happened in that case was that the front page was repeatedly replaced with javascript that reloaded the browser to a porn site. Eventually, the "attackers" calmed down and were content to simply graffiti the home page. Once Simon became aware, he locked down the front page.

By the way, as someone else pointed out, file:///c|/windows resolves. This is also very bad.

Indeed, but you can't write/read without setting user-controlled privileges. Can you? -- fp

Some recently-released versions of popular browsers have security holes in their Java implementations or in other plugin code. These holes can be abused to make the browser's system execute arbitrary code. If the JavaScript hole can redirect the user to a page on another site, that page could contain "hostile HTML" or applets which take advantage of these security flaws. -- CliffordAdams

Thanks. Could you (or someone else) please point to the security issues pages, that list the culprits. -- fp



Arguable (move to WikiWikiSuggestions?)

Diverting changes to RecentEdits when the page being changed is still on QuickChanges doesn't affect the ordering, but does affect the "time since last edit" display, such that the relevant item appears to be out of place.

Arguably not a bug but a feature - QuickChangesJunkies can spot MinorEdits in QuickChanges that way.



Non bugs


Back-links only work once


Appending a backslash to the URL of a WikiPage does strange things. Eg: http://c2.com/cgi/wiki?WikiWikiBugs\

Nothing strange - seems to have been fixed.

I disagree. You can create a page with a backslash in its name, but it's impossible to link to it (note the first line of any empty page with a backslashed name).

Incorrect - all you have created is a url for a non-existent page. Wiki doesn't object to certain special characters in the page name when showing a non-existent page, but if you then click to edit it, further validation is done and you get an error message.


The bug concerning links to SisterSites mentioned on ExistingPageOrBegging was resolved (then reappeared then re-fixed).



See also WikiWikiSuggestionsResolved


CategoryWikiMaintenance


EditText of this page (last edited July 9, 2006) or FindPage with title or text search