Item11473: Author is shown as UnknownUser on topics where .txt has been mauled by an external process

Between 1.1.3 and 1.1.4 someone have changed the user mapping code so people not present in WikiUsers (not registered but authenticated) are displayed as UnknownUser

They are supposed to be displayed with their login name (cUID) as it is stored in the topic UNLESS the $Foswiki::cfg{RenderLoggedInButUnknownUsers} is false (which is the default)

This is a serious security issue because it basically means that half of my users appear to be able to edit pages anonymously. So serious that I am now reverting back to 1.1.3

We need this fixed very quickly and a patch made available on the download page.

-- KennethLavrsen - 25 Jan 2012

As Paul pointed out on IRC, this is most certainly NOT what's happening, but more Item11091 which forces you to touch the ,v files after playing around with the .txt.

-- OlivierRaginel - 25 Jan 2012

After some discussion on IRC, I think this might be the result of Item11091 which cleans up TOPICINFO on mauled .txt files; see distro:5a79947c9bfd

-- PaulHarvey - 25 Jan 2012

This is confirmed. It was because I had modified more than 1000 topics by search and replace to fix the consequences of another bug

-- KennethLavrsen - 25 Jan 2012

So can we close that one as No Action then?

-- OlivierRaginel - 25 Jan 2012

I have merged with Item11454, and updated that task to address the concerns raised here.

These concerns need to be in the same task because they have the same cause, and hopefully the same fix.

Also re-titled this bug to more accurately reflect the underlying problem.

-- PaulHarvey - 27 Jan 2012

Commenting is disabled while not logged in