Closed
Bug 242405
Opened 20 years ago
Closed 20 years ago
Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: shengh, Assigned: glob)
Details
Attachments
(1 file, 2 obsolete files)
|
2.06 KB,
patch
|
bugreport
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316 I had my bugzilla upgraded from 2.16.2. Truned on the QA contact, now that I see "missing" in all of the components, which is of cause a OK as I don't have that before. Then I added a new component to the list, however I received the following error: Software error: Insecure dependency in parameter 1 of DBI::db=HASH(0x860957c)->do method call while running with -T switch at Bugzilla/Series.pm line 184. For help, please send mail to the webmaster (vcad_webmaster@cadence.com), giving this error message and the time and date of the error. However, as I look into the database, the new component is added to the component list. Then I tried to add a new bug to the new component, ooops, failed as Bugzilla is suffering from "internal error" and cannot proceed further. As i can tell, edit/add bugs are still fine for old components, just those components created after the upgrade are tied to this problem. Then if I turned the QA contact off in the edit param page, all goes fine, edit/add either old existing components, or newly created components are proceeded as normal. Reproducible: Always Steps to Reproduce: 1. 2. 3.
|
||
Comment 1•20 years ago
|
||
What version did you upgrade *to*? The problem you're having with the bugs sounds to me like a side-effect of the error you got when adding the component.
Summary: Turned on QA contact cause submit bug failed → Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
|
|
||
Comment 2•20 years ago
|
||
question: is the Bugzilla webserver running Windows? I don't believe editcomponents.cgi is supposed to be running in taint mode yet...
Blocks: 141006
|
||
Comment 4•20 years ago
|
||
I cannot make this happen
Maybe not a bug itself in the 2.17.7, instead something need to be find out between 2.16.2 ~ 2.17.7?
I still experience this problem :-( Now the system is turn to QA off all the time. If I add a new component to a existing product, bugzilla reports error as before, however it does add the new component to the database. I can see the new component from the component list whe I try to add a bug. However, if I really go to add a new bug __right after__ I create the new component, I will receive an other error message, something like "illegal component list" (sorry, my colleague found the problem bug didn't saved the message). Then the second time if I try to add the other bug to this component, it passes and everything seems correctly added!! Mytery! I will try again to reproduce this problem, please let me know what else information/data/log you guys will need. cheers.
Okey, I just reproduced the scenario myself and here is the log I save from mysql log file and Bugzilla screen output. Adding a new component named "Vescs" under product "Skill packages": *********************** log from screen *************** Adding new component of Skill packages Software error: Insecure dependency in parameter 1 of DBI::db=HASH(0x86093fc)->do method call while running with -T switch at Bugzilla/Series.pm line 184. For help, please send mail to the webmaster (vcad_webmaster@cadence.com), giving this error message and the time and date of the error. ******************* log from mysql ************************** 040602 15:12:58 44462 Connect bugs@172.29.139.182 on bugs 44462 Query SELECT profiles.userid, profiles.disabledtext FROM logincookies, profiles WHERE logincookies.cookie='201' AND logincookies.userid=profiles.userid AND logincookies.userid='1' AND (logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136') 44462 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201' 44462 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44462 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44462 Query SELECT DISTINCT groups.name, group_id FROM groups, user_group_map WHERE groups.id=user_group_map.group_id AND user_id='1' AND isbless=0 44462 Query SELECT name, query, linkinfooter FROM namedqueries WHERE userid='1' ORDER BY UPPER(name) 44462 Query SELECT name FROM products WHERE name='Skill packages' 44462 Query SELECT id FROM products WHERE name = 'Skill packages' 44462 Query SELECT components.name FROM components, products WHERE products.id = components.product_id AND products.name='Skill packages' AND components.name='Vescs' 44462 Query select userid from profiles where login_name = 'shengh@cadence.com' 44462 Query select userid from profiles where login_name = '' 44462 Query INSERT INTO components ( product_id, name, description, initialowner, initialqacontact ) VALUES ( 11,'Vescs','Vcad enhanced schematic check&save','1','0') 44462 Query LOCK TABLES series_categories WRITE, series WRITE, user_series_map WRITE 44462 Query SELECT category_id from series_categories WHERE name ='Skill packages' 44462 Query SELECT category_id from series_categories WHERE name ='Vescs' 44462 Query INSERT INTO series_categories (name) VALUES ('Vescs') 44462 Query SELECT category_id from series_categories WHERE name ='Vescs' 44462 Quit ***************** log end for add new component ************************
Try to add a bug for the component I just added (Vescs). It produced the following error message in browser: ***************** log from screen ********************** editcomponents.cgi: Insecure dependency in parameter 1 of DBI::db=HASH(0x86093fc)->do method call while running with -T switch at Bugzilla/Series.pm line 184. Internal Error Bugzilla has suffered an internal error. Please save this page and send it to shengh@cadence.com with details of what you were doing at the time this message appeared. URL: http://portcullis/bugzilla/post_bug.cgi A legal Component was not set. ******************** log from mysql ********************** 040602 15:14:25 44463 Connect bugs@172.29.139.182 on bugs 44463 Query SELECT 1 FROM group_control_map WHERE entry != 0 LIMIT 1 44463 Query SELECT profiles.userid, profiles.disabledtext FROM logincookies, profiles WHERE logincookies.cookie='201' AND logincookies.userid=profiles.userid AND logincookies.userid='1' AND (logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136') 44463 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201' 44463 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44463 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44463 Query SELECT DISTINCT groups.name, group_id FROM groups, user_group_map WHERE groups.id=user_group_map.group_id AND user_id='1' AND isbless=0 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Bugzilla' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Customer' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Epm' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Infrastructure' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Isador' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'PCM' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'PCT' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Skill packages' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'TimeTracker' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Vcad IP' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VCAD Web' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VPRM' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VSH' LIMIT 1 44463 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'WCDI' LIMIT 1 44463 Query SELECT name, query, linkinfooter FROM namedqueries WHERE userid='1' ORDER BY UPPER(name) 44463 Quit
I tried the above twice, but all failed to add a new bug with this new component. So then I surrendered with this session, click on the add new bug link at the foot banner, tried again to redraw the page, filled the form for the same thing and hit commit button.......processed and added! No error, no warning...and here is the log from mysql for this action: ***************** log from mysql **************** 040602 15:20:57 44470 Connect bugs@172.29.139.182 on bugs 44470 Query SELECT profiles.userid, profiles.disabledtext FROM logincookies, profiles WHERE logincookies.cookie='201' AND logincookies.userid=profiles.userid AND logincookies.userid='1' AND (logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136') 44470 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201' 44470 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44470 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44470 Query SELECT userid, realname, login_name FROM profiles WHERE login_name = 'shengh@cadence.com' 44470 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44470 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44470 Query SELECT id FROM products WHERE name = 'Skill packages' 44470 Query SELECT DISTINCT groups.name, group_id FROM groups, user_group_map WHERE groups.id=user_group_map.group_id AND user_id='1' AND isbless=0 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Skill packages' LIMIT 1 44470 Query SELECT id FROM components WHERE product_id = 11 AND name = 'Vescs' 44470 Query select userid from profiles where login_name = 'shengh@cadence.com' 44470 Query SELECT defaultmilestone FROM products WHERE name='Skill packages' 44470 Query SELECT isactive FROM groups WHERE id=22 44470 Query SELECT user_id FROM user_group_map WHERE user_id = 1 AND group_id = 22 AND isbless = 0 44470 Query SELECT DISTINCT groups.id, groups.name, membercontrol, othercontrol FROM groups LEFT JOIN group_control_map ON group_id = id AND product_id = 11 WHERE isbuggroup != 0 AND isactive != 0 ORDER BY description 44470 Query INSERT INTO bugs (version,rep_platform,bug_severity,priority,op_sys,assigned_to,bug_status,bug_file_loc,short_desc,target_milestone,everconfirmed,product_id,component_id, reporter, creation_ts, estimated_time, remaining_time) VALUES ('unspecified','PC','normal','P3','Linux','1','NEW','','Create base class','---','1','11','128',1, now(), 0, 0) 44470 Query select now() 44470 Query select LAST_INSERT_ID() 44470 Query INSERT INTO bug_group_map (bug_id, group_id) VALUES (3340022, 22) 44470 Query INSERT INTO longdescs (bug_id, who, bug_when, thetext) VALUES (3340022, 1, now(), 'Create top level base class') 44470 Query select login_name from profiles where userid = 1 44470 Query SELECT bugs.bug_id, alias, bugs.product_id, products.name, version, rep_platform, op_sys, bug_status, resolution, priority, bug_severity, bugs.component_id, components.name, assigned_to, reporter, bug_file_loc, short_desc, target_milestone, qa_contact, status_whiteboard, DATE_FORMAT(creation_ts,'%Y.%m.%d %H:%i'), delta_ts, ifnull(sum(votes.vote_count),0), reporter_accessible, cclist_accessible, estimated_time, remaining_time from bugs left join votes using(bug_id), products, components where bugs.bug_id = 3340022 AND products.id = bugs.product_id AND components.id = bugs.component_id group by bugs.bug_id 44470 Query SELECT bugs.bug_id, reporter, assigned_to, qa_contact, reporter_accessible, cclist_accessible, cc.who IS NOT NULL, COUNT(DISTINCT(bug_group_map.group_id)) as cntbugingroups, COUNT(DISTINCT(user_group_map.group_id)) as cntuseringroups FROM bugs LEFT JOIN cc ON bugs.bug_id = cc.bug_id AND cc.who = 1 LEFT JOIN bug_group_map ON bugs.bug_id = bug_group_map.bug_id LEFT JOIN user_group_map ON user_group_map.group_id = bug_group_map.group_id AND user_group_map.isbless = 0 AND user_group_map.user_id = 1 WHERE bugs.bug_id = 3340022 GROUP BY bugs.bug_id 44470 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44470 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44470 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE userid='1' 44470 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44470 Query select who from cc where bug_id=3340022 44470 Query SELECT keyworddefs.name FROM keyworddefs, keywords WHERE keywords.bug_id = 3340022 AND keyworddefs.id = keywords.keywordid ORDER BY keyworddefs.name 44470 Query SELECT product_id FROM bugs WHERE bug_id = 3340022 44470 Query SELECT group_id FROM group_control_map WHERE product_id = 11 AND canedit != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) LIMIT 1 44470 Query SELECT attach_id, DATE_FORMAT(creation_ts, '%Y.%m.%d %H:%i'), mimetype, description, ispatch, isobsolete, isprivate, submitter_id, LENGTH(thedata) FROM attachments WHERE bug_id = 3340022 ORDER BY attach_id 44470 Query SELECT 1, flagtypes.id, flagtypes.name, flagtypes.description, flagtypes.cc_list, flagtypes.target_type, flagtypes.sortkey, flagtypes.is_active, flagtypes.is_requestable, flagtypes.is_requesteeble, flagtypes.is_multiplicable, COUNT(flagexclusions.type_id) AS num_exclusions FROM flagtypes , flaginclusions LEFT JOIN flagexclusions ON (flagtypes.id = flagexclusions.type_id AND (flagexclusions.product_id = 11 OR flagexclusions.product_id IS NULL) AND (flagexclusions.component_id = 128 OR flagexclusions.component_id IS NULL)) WHERE 1=1 AND flagtypes.target_type = 'b' AND flagtypes.id = flaginclusions.type_id AND (flaginclusions.product_id = 11 OR flaginclusions.product_id IS NULL) AND (flaginclusions.component_id = 128 OR flaginclusions.component_id IS NULL) GROUP BY flagtypes.id HAVING num_exclusions = 0 ORDER BY flagtypes.sortkey, flagtypes.name 44470 Query SELECT COUNT(flagtypes.id), COUNT(flagexclusions.type_id) AS num_exclusions FROM flagtypes , flaginclusions LEFT JOIN flagexclusions ON (flagtypes.id = flagexclusions.type_id AND (flagexclusions.product_id = 11 OR flagexclusions.product_id IS NULL) AND (flagexclusions.component_id = 128 OR flagexclusions.component_id IS NULL)) WHERE 1=1 AND flagtypes.target_type = 'a' AND flagtypes.is_active = 1 AND flagtypes.id = flaginclusions.type_id AND (flaginclusions.product_id = 11 OR flaginclusions.product_id IS NULL) AND (flaginclusions.component_id = 128 OR flaginclusions.component_id IS NULL) GROUP BY flagtypes.id HAVING num_exclusions = 0 44470 Query SELECT COUNT(id) FROM flags WHERE 1=1 AND attach_id IS NOT NULL AND bug_id = 3340022 44470 Query select dependencies.dependson, bugs.bug_status from dependencies, bugs where dependencies.blocked = 3340022 and bugs.bug_id = dependencies.dependson order by dependencies.dependson 44470 Query select dependencies.blocked, bugs.bug_status from dependencies, bugs where dependencies.dependson = 3340022 and bugs.bug_id = dependencies.blocked order by dependencies.blocked 44470 Query SELECT name, query, linkinfooter FROM namedqueries WHERE userid='1' ORDER BY UPPER(name) 44470 Query SELECT name, description, mailhead FROM fielddefs ORDER BY sortkey 44470 Query SELECT alias,assigned_to,bug_file_loc,bug_severity,bug_status,cclist_accessible,component_id,estimated_time,everconfirmed,keywords,op_sys,priority,product_id,qa_contact,remaining_time,rep_platform,reporter,reporter_accessible,resolution,short_desc,status_whiteboard,target_milestone,version,votes, lastdiffed, now() FROM bugs WHERE bug_id = 3340022 44470 Query SELECT name FROM products WHERE id = 11 44470 Query SELECT name FROM components WHERE id = 128 44470 Query SELECT who FROM cc WHERE bug_id = 3340022 44470 Query SELECT profiles.login_name FROM votes, profiles WHERE votes.bug_id = 3340022 AND profiles.userid = votes.who 44470 Query SELECT dependson FROM dependencies WHERE blocked = 3340022 ORDER BY dependson 44470 Query SELECT blocked FROM dependencies WHERE dependson = 3340022 ORDER BY blocked 44470 Query SELECT profiles.login_name, fielddefs.description, bug_when, removed, added, attach_id, fielddefs.name FROM bugs_activity, fielddefs, profiles WHERE bug_id = 3340022 AND fielddefs.fieldid = bugs_activity.fieldid AND profiles.userid = who AND bug_when > '0000-00-00 00:00:00' AND bug_when <= '2004-06-02 15:20:57' ORDER BY bug_when 44470 Query SELECT bugs_activity.bug_id, bugs.short_desc, fielddefs.name, removed, added FROM bugs_activity, bugs, dependencies, fielddefs WHERE bugs_activity.bug_id = dependencies.dependson AND bugs.bug_id = bugs_activity.bug_id AND dependencies.blocked = 3340022 AND fielddefs.fieldid = bugs_activity.fieldid AND (fielddefs.name = 'bug_status' OR fielddefs.name = 'resolution') AND bug_when > '0000-00-00 00:00:00' AND bug_when <= '2004-06-02 15:20:57' ORDER BY bug_when, bug_id 44470 Query SELECT profiles.login_name, DATE_FORMAT(longdescs.bug_when,'%Y.%m.%d %H:%i'), longdescs.thetext, longdescs.isprivate FROM longdescs, profiles WHERE profiles.userid = longdescs.who AND longdescs.bug_id = 3340022 AND longdescs.bug_when <= '2004-06-02 15:20:57'ORDER BY longdescs.bug_when 44470 Query select userid from profiles where login_name = 'shengh@cadence.com' 44470 Query SELECT emailflags FROM profiles WHERE userid = 1 44470 Query select userid from profiles where login_name = 'shengh@cadence.com' 44470 Query SELECT emailflags FROM profiles WHERE userid = 1 44470 Query select userid from profiles where login_name = 'shengh@cadence.com' 44470 Query SELECT emailflags FROM profiles WHERE userid = 1 44470 Query select userid from profiles where login_name = 'shengh@cadence.com' 44470 Query SELECT emailflags FROM profiles WHERE userid = 1 44470 Query SELECT userid, login_name, realname, mybugslink FROM profiles WHERE login_name='shengh@cadence.com' 44470 Query SELECT 1 FROM profiles, groups WHERE userid='1' AND profiles.refreshed_when <= groups.last_changed 44470 Query SELECT bugs.bug_id, reporter, assigned_to, qa_contact, reporter_accessible, cclist_accessible, cc.who IS NOT NULL, COUNT(DISTINCT(bug_group_map.group_id)) as cntbugingroups, COUNT(DISTINCT(user_group_map.group_id)) as cntuseringroups FROM bugs LEFT JOIN cc ON bugs.bug_id = cc.bug_id AND cc.who = 1 LEFT JOIN bug_group_map ON bugs.bug_id = bug_group_map.bug_id LEFT JOIN user_group_map ON user_group_map.group_id = bug_group_map.group_id AND user_group_map.isbless = 0 AND user_group_map.user_id = 1 WHERE bugs.bug_id = 3340022 GROUP BY bugs.bug_id 44470 Query SELECT DISTINCT groups.name, group_id FROM groups, user_group_map WHERE groups.id=user_group_map.group_id AND user_id='1' AND isbless=0 040602 15:20:58 44470 Query UPDATE bugs SET lastdiffed = '2004-06-02 15:20:57', delta_ts = delta_ts WHERE bug_id = 3340022 44470 Query SELECT profiles.realname, profiles.login_name, date_format(longdescs.bug_when,'%Y.%m.%d %H:%i'), longdescs.thetext, longdescs.work_time, isprivate, date_format(longdescs.bug_when,'%Y%m%d%H%i%s') FROM longdescs, profiles WHERE profiles.userid = longdescs.who AND longdescs.bug_id = 3340022 ORDER BY longdescs.bug_when 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Bugzilla' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Customer' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Epm' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Infrastructure' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Isador' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'PCM' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'PCT' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'TimeTracker' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'Vcad IP' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VCAD Web' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VPRM' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'VSH' LIMIT 1 44470 Query SELECT group_id IS NULL FROM products LEFT JOIN group_control_map ON group_control_map.product_id = products.id AND group_control_map.entry != 0 AND group_id NOT IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE products.name = 'WCDI' LIMIT 1 44470 Query SELECT DISTINCT groups.id, name, description, bug_group_map.group_id IS NOT NULL, user_group_map.group_id IS NOT NULL, isactive, membercontrol, othercontrol FROM groups LEFT JOIN bug_group_map ON bug_group_map.group_id = groups.id AND bug_id = 3340022 LEFT JOIN user_group_map ON user_group_map.group_id = groups.id AND user_id = 1 AND NOT isbless LEFT JOIN group_control_map ON group_control_map.group_id = groups.id AND group_control_map.product_id = 11 WHERE isbuggroup 44470 Quit ********************** log from mysql end ********************** It looks to me that something is not finished during the create new component, and was finished in a later stage. Maybe some kind of "lock", such that this lock is not being removed in the correct place but got removed later. Right after I created the new component, although it told me there were "internal error", I could see the new component has been added to the database, it must be something else is not set/unset. cheers.
|
|
||
Comment 10•20 years ago
|
||
Confirmed by visual inspection of the code. The product and component being used as the category and subcategory coming out of new component creation is never getting detainted. The failure to be able to create bugs in the new component is only temporary until versioncache rebuilds. The unlinking of data/versioncache happens after the series is created, so when it crashes during series creation, the cache doesn't get rebuilt until the next time it would have anyway. By definition, taint errors are 2.18 blockers.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
|
Assignee | |
Comment 11•20 years ago
|
||
only $self->{'name'} needs to be detainted.
it's a shame that $dbh->quote doesn't detaint automatically like SqlQuote does.
Attachment #150931 -
Flags: review?
|
|
Assignee | |
Comment 12•20 years ago
|
||
someone want to reveiw this for me please?
|
||
Comment 13•20 years ago
|
||
(In reply to comment #12) > someone want to reveiw this for me please? I can confirm that this does fix the problem, but I haven't checked that the detaint is safe to do, or the only one necessary. (Sorry that isn't too helpful) Is the title of the big correct? I'm sure I had failures before I enabled QA contacts...
|
|
||
Comment 14•20 years ago
|
||
Comment on attachment 150931 [details] [diff] [review] detaint series insert Series.pm should never be getting tainted data to begin with unless it's getting it from an environment variable or CGI form data directly. The latter happens to be the case here, however, the part that loads data from CGI is a separate sub, and the writeToDatabase function is callable even on series objects that aren't created from CGI, thus the detaint() doesn't belong here (that goes for the one on 'query' as well). The detaints should all be happening in the initFromCGI sub before the object is returned.
Attachment #150931 -
Flags: review? → review-
|
|
Assignee | |
Comment 15•20 years ago
|
||
moves trick_taint in Series.pm into initFromCGI, which is the logical location, but doesn't fix this bug, as initFromParameters is actually used. editcomponents now has a shiny new trick_taint
Attachment #150931 -
Attachment is obsolete: true
Attachment #152096 -
Flags: review?(justdave)
|
|
||
Comment 16•20 years ago
|
||
Comment on attachment 152096 [details] [diff] [review] detaint series insert v2 >+++ editcomponents.cgi >@@ -466,6 +466,7 @@ > push(@series, [$::FORM{'closed_name'}, $resolved . $prodcomp]); > > foreach my $sdata (@series) { >+ trick_taint($sdata->[0]); ehh.... how about if we stuff $::FORM{'closed_name'} into a local variable and detaint it there before pushing it into @series? That'll make the logic a little cleaner, since we won't be wondering why stuff in @series is suddenly tainted. It's obvious why $::FORM stuff would be tainted at that point. To satify the anal security folks, we should also add a comment next to the trick_taint() which explains why we think it's safe to use trick_taint() on it. (i.e. it's never used as a command or raw SQL) Also, how about if we move the other detaint from writeToDatabase while we're looking at it, so we don't forget. Sorry to be so anal about it, but them's the breaks when we're dealing with the taint stuff ;) We're close :)
Attachment #152096 -
Flags: review?(justdave) → review-
|
|
Assignee | |
Comment 17•20 years ago
|
||
Attachment #152096 -
Attachment is obsolete: true
Attachment #152420 -
Flags: review?(justdave)
|
|
Assignee | |
Comment 18•20 years ago
|
||
Comment on attachment 152420 [details] [diff] [review] detaint series insert v3 clearing review request. was thinking about this on the bus and i want to do some more testing.
Attachment #152420 -
Flags: review?(justdave)
|
|
||
Comment 19•20 years ago
|
||
Comment on attachment 152420 [details] [diff] [review] detaint series insert v3 r=joel
Attachment #152420 -
Flags: review+
|
|
||
Updated•20 years ago
|
Flags: approval?
|
|
||
Updated•20 years ago
|
Flags: approval? → approval+
|
||
Comment 20•20 years ago
|
||
Checked in by timeless: Bug 242405 Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component patch by bugzilla@glob.com.au r=joel a=justdave 2004-07-08 20:33 timeless%mozdev.org mozilla/ webtools/ bugzilla/ Bugzilla/ Series.pm 1.5 0/1 2004-07-08 20:33 timeless%mozdev.org mozilla/ webtools/ bugzilla/ editcomponents.cgi 1.41 14/5
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•