Bugzilla.parameters is not accessible when requirelogin = 1 and the user is not logged in

RESOLVED FIXED in Bugzilla 4.4

Status

()

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: LpSolit, Assigned: LpSolit)

Tracking

4.4.8
Bugzilla 4.4
Bug Flags:
approval +
approval5.0 +
approval4.4 +

Details

Attachments

(2 attachments)

(Assignee)

Description

4 years ago
Bugzilla.parameters is listed in LOGIN_EXEMPT (means it can bypass the requirelogin parameter), but as we call Bugzilla->login() from there, we are shooting ourselves in the foot as Bugzilla will catch that and reject the access with:

   You must log in before using this part of Bugzilla. (error 410)

So we should either call Bugzilla->login(LOGIN_OPTIONAL) or Bugzilla->user instead.
(Assignee)

Comment 1

4 years ago
Created attachment 8596173 [details] [diff] [review]
patch for 4.4 and 5.0, v1
Assignee: webservice → LpSolit
Status: NEW → ASSIGNED
Attachment #8596173 - Flags: review?(dkl)
(Assignee)

Comment 2

4 years ago
Created attachment 8596181 [details] [diff] [review]
patch for master, v1

I just realized that master has all its WS code duplicated in API/. What a pain.
Attachment #8596181 - Flags: review?(dkl)
(Assignee)

Updated

4 years ago
Attachment #8596173 - Attachment description: patch, v1 → patch for 4.4 and 5.0, v1
Comment on attachment 8596173 [details] [diff] [review]
patch for 4.4 and 5.0, v1

Review of attachment 8596173 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8596173 - Flags: review?(dkl) → review+
Comment on attachment 8596181 [details] [diff] [review]
patch for master, v1

Review of attachment 8596181 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8596181 - Flags: review?(dkl) → review+

Updated

4 years ago
Flags: approval?
Flags: approval5.0?
Flags: approval4.4?
Flags: approval?
Flags: approval5.0?
Flags: approval5.0+
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
(Assignee)

Comment 5

4 years ago
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   59b3d54..c698db3  master -> master

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   3fdf31b..9333dc1  5.0 -> 5.0

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   ea30806..3a21f12  4.4 -> 4.4
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.