Open Bug 1250936 Opened 8 years ago Updated 8 years ago

ThrowTemplateError not safe for CGI usage

Categories

(Bugzilla :: Bugzilla-General, defect, P2)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
5.0.2
Type:
defect

Tracking

()

People

(Reporter: tschoening, Unassigned)

References

Details

For some reason my Bugzilla currently is not able to create new bugs properly, but instead produces the well known "Internal server error" page of Apache httpd. The interesting thing is that the logs read like it is trying to send HTML output, but is simply missing headers:

> [Wed Feb 24 17:38:47.418262 2016] [cgi:error] [pid 29658:tid 140618084898560] [client 192.168.100.34:53985] malformed header from script
> 'post_bug.cgi': Bad header: <!DOCTYPE html>, referer: http://bugzilla.example.org/post_bug.cgi

I tracked this down to BugMail::_generate_bugmail:

>    $template->process("email/bugmail.txt.tmpl", $vars, \$msg_text)
>        || ThrowTemplateError($template->error());

For some still unknown reason processing this template fails, but the real problem in my opinion is that Bugzilla is unable to tell me this, because ThrowTemplateError is not printing any CGI headers. Instead it seems to assume that the caller already did that, but post_bug.cgi didn't. It prints CGI headers only at the end of the file, after all the heavy work where things might go wrong like in my case currently.

There is already bug 140460, which is somewhat similar, but only covers some part of the problem and it doesn't read like anyone ever worked on it.

There seem to be different possible solutions: Simply moving header ouput in post_bug.cgi to some earlier place, printing headers in ThrowTemplateError if not already done or always "die"ing if no headers were printed. Changing ThrowTemplateError sounds like the best solution to me, because Bugzilla exits anyway and this way all places like the one currently are fixed with one change.
Severity: normal → major
OS: Unspecified → All
Priority: -- → P2
Hardware: Unspecified → All
See Also: → 426463
I've added a reference to bug 426463, because I'm currently facing this one here again and another solution or at least workaround for this bug here could be to add the logging mentioned in bug 426463. It would change ThrowTemplateError in a way that I would be able to see the actual error, which is currently not the case, because Apache httpd only logs the first some lines of output HTML in its error log.
You need to log in before you can comment on or make changes to this bug.