Uninitialized value warning from perl's Cookie.pm @ 162

RESOLVED FIXED in Bugzilla 2.18

Status

()

--
trivial
RESOLVED FIXED
15 years ago
6 years ago

People

(Reporter: mkanat, Assigned: robzilla)

Tracking

2.17.6
Bugzilla 2.18
Bug Flags:
approval +
blocking2.20 +
approval2.18 +
blocking2.18 +

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

15 years ago
On today's cvs-tip on my local machine, I get:

relogin.cgi: Use of uninitialized value in join or string at
/usr/lib/perl5/5.8.1/CGI/Cookie.pm line 162., referer:
http://localhost/bugzilla-tip/show_bug.cgi?id=1

I also get the same warning from createaccount and show_bug. Here's the
CGI::Cookie code around that area for perl 5.8.1:

161: my($key) = escape($self->name);
162: my($cookie) = join("=",$key,join("&",map escape($_),$self->value));
163: return join("; ",$cookie,@constant_values);

That's in a function called as_string. It's called by this code in CGI::Cookie:

use overload '""' => \&as_string,
    'cmp' => \&compare,
    'fallback'=>1;

The documentation says this:

Internally, Cookie overloads the "" operator to call its as_string()
method when incorporated into the HTTP header.  as_string() turns the
Cookie's internal representation into an RFC-compliant text
representation.  You may call as_string() yourself if you prefer:

  print "Set-Cookie: ",$c->as_string,"\n";

Is this a BZ bug or a CGI::Cookie bug?

-M
Probably a bugzilla bug. Can you print out the cookie key/value pairs, so that
we can see which ones are the issue?
(Reporter)

Comment 2

15 years ago
Here's what I've got for localhost in my cookies.txt:

localhost	FALSE	/bugzilla-tip/	FALSE	2145916801	VERSION-TestProduct	other
localhost	FALSE	/bugzilla-tip/	FALSE	2145916801	BUGLIST	1
localhost	FALSE	/	FALSE	2145916801	Bugzilla_logincookie	1
localhost	FALSE	/	FALSE	2145916801	Bugzilla_login	1

It might also be related to the fact that I have an old "/" cookie that stuck
around from before I changed the cookiepath. (Of course, Bugzilla administrator
will be in that situation, at least at first.)

-M
(Assignee)

Comment 3

15 years ago
I don't know how to create patches, and I don't use the CVS version, but here's 
how to fix this problem:

in Bugzilla/Auth/CGI.pm, add "-value => ''" to any $cgi->send_cookie() call 
that is missing it.  Because -value isn't specified, Cookie.pm would choke.

For example, in the sub logout(), change:
    $cgi->send_cookie(-name => "Bugzilla_login",
                      -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
to
    $cgi->send_cookie(-name => "Bugzilla_login",
                      -value => '',
                      -expires => "Tue, 15-Sep-1998 21:49:00 GMT");
(Assignee)

Comment 4

14 years ago
Created attachment 161054 [details] [diff] [review]
Patch v1
(Assignee)

Updated

14 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: approval?

Updated

14 years ago
Assignee: myk → rsiklos

Updated

14 years ago
Attachment #161054 - Flags: review?(bbaetz)
(Assignee)

Updated

14 years ago
Flags: approval?

Comment 5

14 years ago
Created attachment 161264 [details] [diff] [review]
kiko_v1: centralize fix

The original patch is correct, but we can avoid fixing in two places by
clearing using a single function. For reference,
http://www.perldoc.com/perl5.8.0/lib/CGI/Cookie.html tells me that value is
indeed required. Tested fix, works.
Assignee: rsiklos → kiko
Attachment #161054 - Attachment is obsolete: true
Status: NEW → ASSIGNED

Updated

14 years ago
Attachment #161054 - Flags: review?(bbaetz)

Updated

14 years ago
Attachment #161264 - Flags: review?(timeless)

Updated

14 years ago
Attachment #161264 - Flags: review?(timeless) → review+

Updated

14 years ago
OS: Linux → All
Hardware: PC → All

Updated

14 years ago
Flags: approval?
(Assignee)

Comment 6

14 years ago
forgive me if this question is naive, but won't the solution in attachment
1612648 clear ALL the bugzilla cookies?  Isn't this bad?  Wouldn't you want to
keep the ones that store info like column display/sort settings, stagger
headers, etc.?
OS: All → Linux
Hardware: All → PC

Comment 7

14 years ago
(In reply to comment #6)
> forgive me if this question is naive, but won't the solution in attachment
> 1612648 clear ALL the bugzilla cookies? 

No, just the named cookies:

  - "Bugzilla_login"
  - "Bugzilla_logincookie"

Why did you think it would clear all cookies? The only change done is value=""
which is actually required by the Cookie.pm spec.
(Assignee)

Comment 8

14 years ago
yeah, sorry - you're totally right - nevermind :)
This is worthy of a backport to 2.18.  I hate messy server logs.
It'll need a new patch for 2.18, the CGI files moved since we branched.
Flags: blocking2.20+
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
(Assignee)

Comment 10

14 years ago
Created attachment 162118 [details] [diff] [review]
rsiklos_2.18_v1

Patch attached for 2.18 branch
Assignee: kiko → rsiklos
(Assignee)

Updated

14 years ago
Attachment #162118 - Flags: review?

Updated

14 years ago
Attachment #162118 - Flags: review? → review+
(Assignee)

Updated

14 years ago
Flags: approval2.18?
Flags: approval?
Flags: approval2.18?
Flags: approval2.18+
Flags: approval+
OS: Linux → All
Hardware: PC → All

Comment 11

14 years ago
Checking in Bugzilla/Auth/CGI.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Attic/CGI.pm,v  <--  CGI.pm
new revision: 1.7.2.1; previous revision: 1.7
done
Checking in Bugzilla/Auth/Login/WWW/CGI.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Login/WWW/CGI.pm,v  <--  CGI.pm
new revision: 1.4; previous revision: 1.3
done
Status: ASSIGNED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED

Comment 12

14 years ago
Thanks for tracking this one down Rob.
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.