Closed
Bug 108312
Opened 23 years ago
Closed 23 years ago
Mid air collision page may not show all updates
Categories
(Bugzilla :: Creating/Changing Bugs, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: jacob, Assigned: jacob)
References
Details
Attachments
(1 file)
1.11 KB,
patch
|
luis
:
review+
myk
:
review+
|
Details | Diff | Splinter Review |
When a midair collision happens, it only shows the last change made to a bug,
not all changes that happened since you loaded the page.
To reproduce:
1. Load a bug (#3 for example)
2. Load the same bug in a different window.
3. Make a change (any field)
4. Click the "Back to bug" link
5. Make another change (still in the different window).
6. Return to the original window and make a change.
7. You'll get a mid-air collision, but only of the things you changed the
second time.
8. Choose to submit your changes anyway. It will overright both changes,
even though it only showed you one on the Mid Air screen.
Patch forthcoming.
Assignee | ||
Comment 1•23 years ago
|
||
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Updated•23 years ago
|
Target Milestone: --- → Bugzilla 2.16
Comment 3•23 years ago
|
||
Er... I remember there was a security bug where you could hack the delta_ts in
the form to 0, and then get a midair on a security bug and it would show you all
of the comments in that bug even if you couldn't see the bug itself. Would
relying on the value from the form re-introduce that?
Gerv
Comment 4•23 years ago
|
||
not as long as we're making sure they can see the bug first before we go
checking if they've collided with it.
Comment 5•23 years ago
|
||
blocks a blocker so it's a blocker
Comment 6•23 years ago
|
||
Do we check that they have permissions? If not, that has to be fixed first.
Comment 7•23 years ago
|
||
so is anyone going to look and find out instead of continuing to ask that
question over and over?
Comment 8•23 years ago
|
||
OK, I did some testing on bugzilla.mozilla.org with bug 108385, which is
restricted to the security group.
Test 1:
1) Logged in as justdave@syndicomm.com, which can see that bug.
2) Saved a copy of the page as an HTML file on my local drive.
3) Logged out.
4) Logged back in as bzbot@landfill.tequilarista.org, which doesn't have access
to that bug.
5) Edited the form action in the HTML to use a full URL instead of relative.
6) Loaded the HTML page, typed in a comment, and hit Commit.
Results: I was presented with a box informing me that I didn't have access to
that bug.
Test 2:
1) Logged back in as justdave@syndicomm.com.
2) Added a comment to bug 108385 (which updated the delta_ts)
3) Logged in as bzbot@landfill.tequilarista.org
4) Loaded the previously saved HTML file (which still has the old delta_ts in it)
5) Added a comment and clicked Commit (should get a midair this time because the
delta_ts has changed)
Results: I was presented with a box informing me that I didn't have access to
that bug.
Conclusion: Permission to access the bug is indeed checked before a midair
collission is checked for.
Comment 9•23 years ago
|
||
Comment on attachment 56372 [details] [diff] [review]
use $::FORM{'delta_ts'} to determine where to start showing the changes.
r=louie
Looks good here.
Attachment #56372 -
Flags: review+
Comment 10•23 years ago
|
||
Comment on attachment 56372 [details] [diff] [review]
use $::FORM{'delta_ts'} to determine where to start showing the changes.
Works, looks good. r=myk
Attachment #56372 -
Flags: review+
Assignee | ||
Comment 11•23 years ago
|
||
Checking in CGI.pl;
/cvsroot/mozilla/webtools/bugzilla/CGI.pl,v <-- CGI.pl
new revision: 1.124; previous revision: 1.123
done
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi
new revision: 1.109; previous revision: 1.108
done
[
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•