Closed
Bug 284525
Opened 19 years ago
Closed 19 years ago
Checksetup uses some bad SQL that is not cross-database compatible
Categories
(Bugzilla :: Bugzilla-General, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: mkanat, Assigned: mkanat)
References
Details
Attachments
(1 file, 1 obsolete file)
4.24 KB,
patch
|
glob
:
review+
|
Details | Diff | Splinter Review |
There are a few places that PostgreSQL chokes in checksetup code, before it can even get to the bz_ functions in Bugzilla::DB. These need to be fixed before I can fix each of those individual bz_ functions to be cross-database compatible.
Assignee | ||
Updated•19 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.20
Assignee | ||
Comment 1•19 years ago
|
||
These are simple fixes. I've verified that they work on Pg and on MySQL.
Attachment #176083 -
Flags: review?(Tomas.Kopal)
Assignee | ||
Updated•19 years ago
|
Attachment #176083 -
Flags: review?(bugzilla)
Comment on attachment 176083 [details] [diff] [review] Fix bad quoting and insertion of "NULL" as a string >-$sth = $dbh->prepare("SELECT description FROM products"); >+my $sth = $dbh->prepare("SELECT description FROM products"); this causes "my" variable $sth masks earlier declaration in same scope at checksetup.pl line 2386. otherwise looks good.
Attachment #176083 -
Flags: review?(bugzilla) → review-
Assignee | ||
Comment 3•19 years ago
|
||
(In reply to comment #2) > this causes > "my" variable $sth masks earlier declaration in same scope at checksetup.pl > line 2386. Oh, that's part of the patch from bug 284172. :-) Oops. :-)
Comment 4•19 years ago
|
||
Comment on attachment 176083 [details] [diff] [review] Fix bad quoting and insertion of "NULL" as a string >Index: checksetup.pl >@@ -2230,23 +1651,21 @@ > sub AddFDef ($$$) { > my ($name, $description, $mailhead) = (@_); > >- $name = $dbh->quote($name); >- $description = $dbh->quote($description); Are you sure it's safe to leave this out? Can't the function be ever called with user-supplied or otherwise unsafe data? (That's not suggestion, that's really just question :-) ). >@@ -2384,20 +1804,26 @@ > ########################################################################### > # Create initial test product if there are no products present. > ########################################################################### >-$sth = $dbh->prepare("SELECT description FROM products"); >+my $sth = $dbh->prepare("SELECT description FROM products"); I remember this change was already in another patch :-). > $dbh->do("INSERT INTO fielddefs " . ... >+ $dbh->do(q{INSERT INTO products(name, description, milestoneurl, ... >+ $dbh->do(qq{INSERT INTO versions (value, product_id) Can't we somehow make all the quoting more consistent? We are using single quotes, double quotes, q{}, qq{} all over the code... But thats probably more question for some general rules than for this patch... Otherwise, it looks good...
Attachment #176083 -
Flags: review?(bugzilla)
Attachment #176083 -
Flags: review?(Tomas.Kopal)
Attachment #176083 -
Flags: review-
Attachment #176083 -
Flags: review+
> Are you sure it's safe to leave this out? Can't the function be ever called
> with user-supplied or otherwise unsafe data? (That's not suggestion, that's
> really just question :-) ).
it's save; using sql placeholders automatically performs the quoting.
Attachment #176083 -
Flags: review?(bugzilla) → review-
Assignee | ||
Comment 6•19 years ago
|
||
OK, this one's all better. :-)
Attachment #176083 -
Attachment is obsolete: true
Attachment #176226 -
Flags: review?(bugzilla)
Comment on attachment 176226 [details] [diff] [review] v2 r=glob
Attachment #176226 -
Flags: review?(bugzilla) → review+
Updated•19 years ago
|
Flags: approval? → approval+
Assignee | ||
Comment 8•19 years ago
|
||
Checking in checksetup.pl; /cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v <-- checksetup.pl new revision: 1.359; previous revision: 1.358 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•