Bug 223937: web site error while updating email address
Status: Closed, RESOLVED FIXED
Opened 21 years ago
Closed 21 years ago
Categories: Bugzilla :: User Accounts, defect, P1
Tracking: Bugzilla 2.16
People: Reporter: shengh, Assigned: goobix
Details: Keywords: regression, Whiteboard: [fixed in 2.16.4] [fixed in 2.17.5]
Attachments (3 files)
patch, 870 bytes: kiko review+, myk review+
patch, 890 bytes: kiko review+, myk review+
patch, 632 bytes: kiko review+, justdave review+
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
I sent the following message to the webmaster@mozilla.org.
Hi webmaster,
Time: 2003-10-28 CET (central european time, berlin) around 13:30 ~ 13:36
I was using bugzilla.mozilla.org to change my login email to another one. I
entered the new email in the bugzilla system, got mail at both the old and new
email addresses asking me to confirm the change at the new email address, and
clicked on the confirm link
(http://bugzilla.mozilla.org/token.cgi?a=cfmem&t=&fC5CG$9).
I was asked to enter the old mail address again, entered it and hit submit, then I
got the following error.
Please can you check the system.
Sheng.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to
complete your request.
Please contact the server administrator, webmaster@mozilla.org and inform them
of the time the error occurred, and anything you might have done that may have
caused the error.
More information about this error may be available in the server error log.
Apache/1.3.27 Server at bugzilla.mozilla.org Port 80
Reproducible: Always
Comment 1•21 years ago
[Tue Oct 28 04:29:35 2003] token.cgi: Use of uninitialized value in concatenation (.) or string at /opt/webtools/bugzilla/token.cgi line 221.
[Tue Oct 28 04:29:35 2003] token.cgi: DBD::mysql::st execute failed: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 at globals.pl line 279.
[Tue Oct 28 04:29:35 2003] [error] [client 158.140.2.102] malformed header from script. Bad header=<pre>SELECT userid, eventdata : /opt/webtools/bugzilla/token.cgi
[Tue Oct 28 04:29:35 2003] token.cgi: SELECT userid, eventdata FROM tokens
[Tue Oct 28 04:29:35 2003] token.cgi: WHERE token = : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 at globals.pl line 284.
[Tue Oct 28 04:29:48 2003] token.cgi: Use of uninitialized value in concatenation (.) or string at /opt/webtools/bugzilla/token.cgi line 221.
[Tue Oct 28 04:29:48 2003] token.cgi: DBD::mysql::st execute failed: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 at globals.pl line 279.
[Tue Oct 28 04:29:48 2003] [error] [client 158.140.2.102] malformed header from script. Bad header=<pre>SELECT userid, eventdata : /opt/webtools/bugzilla/token.cgi
[Tue Oct 28 04:29:48 2003] token.cgi: SELECT userid, eventdata FROM tokens
[Tue Oct 28 04:29:48 2003] token.cgi: WHERE token = : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 at globals.pl line 284.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: unspecified → 2.17.1
Comment 2•21 years ago
Notice that the token contains an '&', which is not URI-encoded.
I converted that to %26 and resubmitted
http://bugzilla.mozilla.org/token.cgi?a=cfmem&t=%26fC5CG$9
and it took it (you'll notice your address changed).
OS: Windows 2000 → All
Hardware: PC → All
Comment 3•21 years ago
This was previously fixed in Bugzilla 2.14 (pre-templatization - see bug 95535)
and has regressed.
Looking at the template which generates this (account/email/change-new.txt.tmpl)
the line is:
[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER url_quote %]
Which on its face appears to be doing the right thing. This means our url_quote
filter is probably broken.
I don't see where, looking at the code. My guess is we aren't using the filter
API properly on our pass-through to Bugzilla::Util::url_quote.
If this affects 2.16 I want the fix for 2.16.4.
Comment 4•21 years ago
The issue is that %26 gets converted back to "&" in URLs by some email clients.
The reasonable thing to do is to disallow & in tokens.
(Notice that the $ char in the example above had to be escaped as well, but
David submitted the token by escaping only the & char, and it worked, so $ and
other chars aren't causing much trouble.)
Assignee: myk → jocuri
Updated•21 years ago
Status: NEW → ASSIGNED
Comment 5•21 years ago
Comment 6•21 years ago
Updated•21 years ago
Attachment #134341 -
Flags: review?(kiko)
Updated•21 years ago
Attachment #134342 -
Flags: review?(kiko)
Comment 7•21 years ago
Oh, forgot about this:
<vladd> justdave_: I did [% token = "&fC5CG$9" %] and then [% token FILTER url_quote %] in a template and it showed a string starting with %26 ...
<vladd> The really cool solution is to disable & in tokens.
<vladd> (really, the original problem is that some email clients convert back %26 to &, otherwise I really can't explain that, unless the memory of b.m.o got corrupted :) )
Updated•21 years ago
Attachment #134342 -
Flags: review?(myk)
Updated•21 years ago
Attachment #134341 -
Flags: review?(myk)
Comment 8•21 years ago
The alternative would be to allow only [a-zA-Z0-9] or something similar; it
doesn't restrict the number of available combinations for tokens by much, and
we're safe on the encoding side, but it's pretty extreme.
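An added example, not part of this bug's attachments or of Bugzilla's own code: it reproduces the query-string parse failure behind the report (the token after "t=" is lost once the raw "&" splits the parameters, which matches the empty "WHERE token =" in the log) and implements the [a-zA-Z0-9] token alphabet proposed above, which needs no URL encoding at all and so is immune to mail clients that turn %26 back into "&". Written in Python rather than Bugzilla's Perl; the URL shape follows change-new.txt.tmpl as quoted in comment 3, and TOKEN_ALPHABET, generate_token and needs_encoding are names assumed here.

```python
import secrets
import string
from urllib.parse import parse_qs, quote, urlsplit

# Assumed alphabet per the proposal above: letters and digits only.
TOKEN_ALPHABET = string.ascii_letters + string.digits


def extract_token(url):
    """Parse the confirmation URL the way a CGI would and return the 't'
    parameter, or '' when the query string no longer carries one."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("t", [""])[0]


def build_confirm_url(urlbase, token):
    """Mirror the template line: urlbase + token.cgi?a=cfmem&t=<url-quoted token>."""
    return f"{urlbase}token.cgi?a=cfmem&t={quote(token, safe='')}"


def generate_token(length=10):
    """Random token drawn from TOKEN_ALPHABET with a CSPRNG. No character in it
    needs percent-encoding, so it survives URL parsing and mail clients unchanged."""
    return "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(length))


def needs_encoding(token):
    """True if url-quoting changes the token, i.e. it cannot be placed raw in a
    query string (this is exactly what happened with the '&fC5CG$9' token)."""
    return quote(token, safe="") != token


if __name__ == "__main__":
    bad = "&fC5CG$9"  # token quoted in the bug report
    raw_url = f"http://bugzilla.mozilla.org/token.cgi?a=cfmem&t={bad}"
    print("raw link yields token:", repr(extract_token(raw_url)))
    fixed_url = build_confirm_url("http://bugzilla.mozilla.org/", bad)
    print("quoted link yields token:", repr(extract_token(fixed_url)))
    tok = generate_token()
    print("safe-alphabet token:", tok, "needs encoding:", needs_encoding(tok))
```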
Comment 9•21 years ago
Comment on attachment 134341: Against HEAD
r=myk
Attachment #134341 -
Flags: review?(myk) → review+
Comment 10•21 years ago
Comment on attachment 134342: Against 2-16-branch
r=myk
Attachment #134342 -
Flags: review?(myk) → review+
Comment 11•21 years ago
Comment on attachment 134341: Against HEAD
And nicely wrapped, too :-)
Attachment #134341 -
Attachment description: Againest HEAD → Against HEAD
Attachment #134341 -
Flags: review?(kiko)
Updated•21 years ago
Attachment #134342 -
Attachment description: Againest 2-16-branch → Against 2-16-branch
Attachment #134342 -
Flags: review?(kiko)
Updated•21 years ago
Flags: approval?
Updated•21 years ago
Flags: approval? → approval+
Whiteboard: [ready for 2.16.4] [ready for 2.17.5]
Comment 12•21 years ago
Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl
new revision: 1.169.2.17; previous revision: 1.169.2.16
done
Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl
new revision: 1.249; previous revision: 1.248
done
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [ready for 2.16.4] [ready for 2.17.5] → [fixed in 2.16.4] [fixed in 2.17.5]
Comment 13•21 years ago
Forgot to remove the "&" in the 2-16 patch. Reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 14•21 years ago
Updated•21 years ago
Attachment #134488 -
Flags: review?(kiko)
Comment 15•21 years ago
Comment on attachment 134488: Removing "&" from the 2-16 Branch
this is not my day
Attachment #134488 -
Flags: review?(kiko) → review+
Comment 16•21 years ago
Comment on attachment 134488: Removing "&" from the 2-16 Branch
r= + a=
Comment 17•21 years ago
Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl
new revision: 1.169.2.18; previous revision: 1.169.2.17
done
Status: REOPENED → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → FIXED
Updated•12 years ago
QA Contact: matty_is_a_geek → default-qa