1155752 - Custom fields with an illegal type can be created

Status: NEW

(Bugzilla :: Administration, task)

Description

[Frédéric Buclin]

Bugzilla::Field::_check_type() only makes sure that the type ID of the new custom field is smaller than FIELD_TYPE_HIGHEST_PLUS_ONE, but it doesn't make sure that it's neither FIELD_TYPE_BUG_URLS nor FIELD_TYPE_KEYWORDS. As SQL_DEFINITIONS has no entry for these two fields, no column is created in the 'bugs' DB table, and Bugzilla crashes everytime it tries to display a bug.

Either these two types should be declared legal for custom fields (it seems that bug/field.html.tmpl and search/field.html.tmpl already have mostly everything we need for that), or they should be blacklisted by editfields.cgi. Note that _check_type() is not the right place to blacklist them, because Bugzilla::Field->create is also used to create hardcoded fields, including the See Also and Keywords fields.