Hotfix 2 for TWiki 4.0.4

This second hotfix for TWiki-4.0.4 contains the fixes for the important Known Issues found since the release of TWiki-4.0.4

The idea is to provide a more customer friendly approach to providing fixes to the more urgent problems found between releases and provide a quick and easy way for a TWiki administrator to install the hotfix by simply downloading a zip or tgz file, unpack it and copy all the files on top of an existing running production site (a backup is as always recommended).

The Hotfixes are accumulated and contains all the fixes released in earlier Hotfix packages. So you only need to apply the latest Hotfix package to update your current TWiki installation.

Known Problems resolved in this hotfix.

All bug fixes from Hotfix 4.0.4-1

Bugs:Item2607 - Crash TWiki with IF variable.

Under certain conditions the use of IF statements can make the page rendering fail (crash).

File updated is lib/TWiki/If.pm

Bugs:Item2619 - TOC Link URI References are not Relative

When you send a TWiki topic as HTML email or save the page as an HTML file the links in the TOC are absolute URLs instead of relative links. So instead of pointing locally the links point back to the original TWiki which may not even be accessible if it is placed behind a firewall. This fix changed TOC links to relative links.

File updated is lib/TWiki.pm

Bugs:Item2322 - Incomplete fix for Comment box should have ability to be disabled by skin template

An earlier bugfix for 4.0.3 caused the template for one-liner comments to break.

Files updated are data/TWiki/CommentPlugin.txt and data/TWiki/CommentPluginTemplate.txt

Bugs:Item2594 - Hierarchical webs and WEBLIST can make things excruciatingly slow

The code that generates the WEBLIST checks every file on TWiki to see if it's a directory. Given that the standard WebLeftBar uses WEBLIST, this essentially renders hierarchical webs useless. This fix will cause a significant speed-up if you have many webs and subwebs and many topics. Small TWikis with few webs and no subwebs will not see the difference.

File updated is lib/TWiki/Store/RcsFile.pm

Bugs:Item2631 (Workaround) - Reset Password does not work when $TWiki::cfg{MapUserToWikiName} = 0

In configure - for the MapUserToWikiName it says : "Map login name to Wiki name via the mapping in the topic named in {UsersTopicName}. Set this to $FALSE for .htpasswd authenticated sites where the user's wiki name is the name they use to log in, or if you have some other way of making the mapping to a Wiki name (e.g. a local Plugin). "

When you use .htpasswd authentication one will probably have unselected the option as instructed.

This will soon make your users complain that they cannot reset their password. The error they get is "Password reset failed - Can't find user WikiName?"

A proper fix is not yet available - but workaround seems to be to enable MapUserToWikiName in configure (default). No negative effect has been seen doing this even if .htpasswd authenticated is used and users are logging in with their wikiname.

Since this is a workaround no files are includes that fixes this issue.

Bugs:Item2666 - Javascript errors caused by twiki.js

In some events people see Javascript errors in the browser. This is the cure.

File updated is pub/TWiki/TWikiJavascripts/twiki.js

Bugs:Item2669 - Configure robustness update

Configure could check the validity of certain fields better. This fixes SecurityAlertCmdExecWithConfigure: Configure script allows arbitrary shell command execution (CVE-2006-3819).

File updated is bin/configure, bin/.htaccess.txt, INSTALL.html, and twiki_httpd_conf.txt

Files updated in this hotfix

lib/TWiki/Func.pm
lib/TWiki/UI/Register.pm
lib/TWiki/UI/Save.pm
lib/TWiki/Render.pm
lib/TWiki.pm
lib/TWiki/If.pm
data/TWiki/CommentPlugin.txt
data/TWiki/CommentPluginTemplate.txt
lib/TWiki/Store/RcsFile.pm
pub/TWiki/TWikiJavascripts/twiki.js
bin/configure
bin/.htaccess.txt
INSTALL.html
twiki_httpd_conf.txt

How to apply

Download the package from either zip or tgz.

• hotfix-4.0.4-2.tgz is best for Linux/Unix as it contains the correct file access rights
• hotfix-4.0.4-2.zip is best for Windows or for a hosted environment where you prefer getting default file access rights.

To make it easy for all - the hotfix is a zip or tgz file with the files placed in the same directories as a normal twiki installation. Simply copy the files on top of the existing files.

On Unix/Linux you may need to re-apply the correct file access rights to the replaced files. See SettingFileAccessRightsLinuxUnix for a quick way to do this in general.

Note that the hotfix is accumulated. It contains all fixes from earlier hotfix releases. You do not need to apply any earlier hotfixes first. If you have already applied an earlier hotfix this is no problem. The same files will simply be over written again

Problems Downloading?

Many have problems with downloading zip and tgz files from twiki.org. It is an Apache setup issue and we would love to hear from someone that knows how to avoid Apache from re-packing the downloads.

If you use the links above which are made as direct links to pub instead of using viewfile - you should get the files un-molested.

-- KennethLavrsen - 31 Jul 2006

-- Contributors: KennethLavrsen - 23 Jul 2006

Discussion

I don't know if this is related to the downloading problems stated above, but I'm having problems downloading TWiki-4.0.4.tgz and hotfix-4.0.4-2.tgz. When I try from a browser, the connection terminates after exactly 145512 bytes. To workaround, I'm currently downloading via wget. It's still terminating after every 145512 bytes, but wget reconnects and continues the download. I've no idea how to find out whether the problem is on my end or yours... suggestions?

-- MichaelMerten - 12 Aug 2006

It is not the same issue.

I tried and ran into the same experience as you. And then I tried again 5 times and it all went OK.

So something is goofy at TWiki.org.

-- KennethLavrsen - 13 Aug 2006