Description
In MoinMoin 1.9.2, an attempt by an unauthorized user to create a page fails when they attempt to edit it, but leaves a junk directory behind in data/pages. It appears that the ACL is not checked at page creation time.
Steps to reproduce
- Set acl_rights_* to give no permissions to users who aren't logged in.
Log out and navigate to a page that doesn't exist (e.g. NoSuchPage).
- Attempt to create it anyway.
- You will get an error message saying that you don't have permission to write the page.
Look in data/pages directory to find NoSuchPage directory and empty NoSuchPage/edit-log.
Example
Component selection
- general
Details
MoinMoin Version |
1.9.2 |
OS and Version |
Mac OS X 10.6 |
Python Version |
2.6.1 |
Server Setup |
Apache CGI |
Server Details |
|
Language you are using the wiki in |
English |
Workaround
Delete junk directories from time to time (a little dangerous) or ignore them.
Discussion
Related to bug MoinMoinBugs/AccessingNonexistantPagesCreatesEmptyPageDirectories - problem is that page.exists() checks the PermissionDeniedPage, not the correct page.
Plan
- Priority:
- Assigned to:
- Status: