[moin-user] [moin-devel] MoinMoin 1.9.11 released, urgent security fixes!

Paul Boddie paul at boddie.org.uk
Sun Nov 8 16:39:02 EST 2020

On Sunday, 8 November 2020 19:22:57 CET Thomas Waldmann wrote:
> MoinMoin 1.9.11 released, urgent security fixes!
> Details:
> https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11

Thanks for taking care of this release!

I don't have a GitHub account that I generally use for personal projects, but 
there is one very simple patch that I would like to suggest that might help 
people generally:


diff --git a/MoinMoin/i18n/__init__.py b/MoinMoin/i18n/__init__.py
index 17061a83..b5abdf25 100644
--- a/MoinMoin/i18n/__init__.py
+++ b/MoinMoin/i18n/__init__.py
@@ -255,7 +255,7 @@ class Translation(object):

 def getDirection(lang):
     """ Return the text direction for a language, either 'ltr' or 'rtl'. """
-    return languages[lang]['x-direction']
+    return languages and languages[lang]['x-direction'] or 'ltr'

 def getText(original, request, lang, **kw):
     """ Return a translation of some original text.


Previously, when upgrading Moin, there have been times when it just breaks in 
a nasty and seemingly inexplicable way, and I am pretty sure we have had to 
troubleshoot this a few times on this list or via bug reports.

In the above, where there is some cache issue, the getDirection function fails 
because the languages mapping is not set up properly (or at the time of 
invocation), and I am not even sure that the usual "moin maint cleancache" 
advice helps.

This seems to have occurred in different forms several times over the years. 
For example:


Interestingly, the latter of the above bug reports links to a patch that 
potentially fixes the problem but only for WSGI. (Yes, I am still using CGI 
for the few wikis I have running.)

Anyway, thanks once again for the hard work!


More information about the moin-user mailing list