Closed Bug 245976 Opened 16 years ago Closed 16 years ago
Software error when trying to add a milestone
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 Build Identifier: With taint mode enabled, adding a milestone results in this software error: Software error: Insecure dependency in parameter 1 of DBI::db=HASH(0x86a62d0)->prepare method call while running with -T switch at Bugzilla/DB.pm line 60. For help, please send mail to the webmaster (firstname.lastname@example.org), giving this error message and the time and date of the error. After removing the -T switch, milestones are added properly so this seems to be a regression from bug 141006. A hint from #mozwebtools: <glob> sortkey needs to be detainted in editmilestones <jussi> glob: Thanks, I'll add that to the report <glob> don't take it as gospel, but that's what it looks like <glob> i can't run bz right now :( Reproducible: Always Steps to Reproduce:
Summary: Software error when trying to add a milestone → Software error when trying to add a milestone
Assignee: justdave → bugzilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment on attachment 150341 [details] [diff] [review] detaint sortkey in editmilestones This is the correct fix regarding the "add" action. r=vladd However it seems we have similar problems when updating a milestone. I know it's outside of the purpose of this bug, but it would be cool if someone would take a look at what happens with the sortkey when updating an existing milestone (Is the "must be a digit" validation in place when updating the sortkey? Is the sortkey detainted as well in this case?) If we want to keep this bug for the "add" action only, maybe a bug about the "update" action should be searched (and opened if it doesn't exist already)
Attachment #150341 - Flags: review? → review+
Target Milestone: --- → Bugzilla 2.18
(In reply to comment #2) > If we want to keep this bug for the "add" action only, maybe a bug about the > "update" action should be searched (and opened if it doesn't exist already) i've created bug 246328 for the update action. can someone please check this patch in for me.
Checking in editmilestones.cgi; /cvsroot/mozilla/webtools/bugzilla/editmilestones.cgi,v <-- editmilestones.cgi new revision: 1.22; previous revision: 1.21 done Changing resolution to FIXED.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.