SID-01289: Func.pm saveFile has insecure dependency

Status:	Answered	TWiki version:	5.1.0	Perl version:	5.8.8
Category:	CategoryError	Server OS:	CentOS 5, kernel 2.6.18	Last update:	13 years ago

When trying to log into our Wiki (externally authenticated via SSO through LDAP) I get the following message for users that don't yet have a mapping in the UsersList

Insecure dependency in open while running with -T switch at /var/www/twiki/lib/TWiki/Func.pm line 2652

If a user mapping exists the error doesn't occur, but the problem is that the error comes up immediately after authentication, thus preventing the user from completing their TWiki registration to facilitate the user mapping.

-- CameronWood - 2011-10-11

Discussion and Answer

That line is open( FILE, ">$name" ) of the TWiki::Func::saveFile utility function. Can you debug to see who is calling this? Obviously the file name passed to the function needs to be sanitized and untainted.

-- PeterThoeny - 2011-10-11

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2012-01-23

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.