Closed Bug 245976 Opened 20 years ago Closed 20 years ago

Software error when trying to add a milestone

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Type:
task
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: jussi, Assigned: glob)

Details

Attachments

(1 file)

detaint sortkey in editmilestones
471 bytes, patch
goobix
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
Build Identifier: 

With taint mode enabled, adding a milestone results in this software error:

Software error:

Insecure dependency in parameter 1 of DBI::db=HASH(0x86a62d0)->prepare method
call while running with -T switch at Bugzilla/DB.pm line 60.

For help, please send mail to the webmaster (webmaster@www.comlink.fi), giving
this error message and the time and date of the error. 

After removing the -T switch, milestones are added properly so this seems to be
a regression from bug 141006.

A hint from #mozwebtools:

<glob> sortkey needs to be detainted in editmilestones
<jussi> glob: Thanks, I'll add that to the report
<glob> don't take it as gospel, but that's what it looks like
<glob> i can't run bz right now :(

Reproducible: Always
Steps to Reproduce:
Summary: Software error when trying to add a milestone → Software error when trying to add a milestone
Assignee: justdave → bugzilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
Status: NEW → ASSIGNED

    
  

        Attachment #150341 -
        Flags: review?

    
    

    
  
Comment on attachment 150341 [details] [diff] [review]
detaint sortkey in editmilestones

This is the correct fix regarding the "add" action. r=vladd

However it seems we have similar problems when updating a milestone. I know
it's outside of the purpose of this bug, but it would be cool if someone would
take a look at what happens with the sortkey when updating an existing
milestone (Is the "must be a digit" validation in place when updating the
sortkey? Is the sortkey detainted as well in this case?)

If we want to keep this bug for the "add" action only, maybe a bug about the
"update" action should be searched (and opened if it doesn't exist already)

        Attachment #150341 -
        Flags: review? → review+

    
  
Flags: blocking2.18?
Flags: approval?
Flags: blocking2.18?
Flags: blocking2.18+
Flags: approval?
Flags: approval+
Target Milestone: --- → Bugzilla 2.18

    
    

    
  
(In reply to comment #2)
> If we want to keep this bug for the "add" action only, maybe a bug about the
> "update" action should be searched (and opened if it doesn't exist already)

i've created bug 246328 for the update action.

can someone please check this patch in for me.


    
    

    
  
Checking in editmilestones.cgi;
/cvsroot/mozilla/webtools/bugzilla/editmilestones.cgi,v  <--  editmilestones.cgi

new revision: 1.22; previous revision: 1.21
done

Changing resolution to FIXED.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: