Closed Bug 286311 Opened 20 years ago Closed 20 years ago

print "Content-type..." is used instead of print $cgi->header() (cookies aren't sent in header)

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

2.19.2
defect
Not set
critical

Tracking

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: LpSolit, Assigned: jacob)

Attachments

(2 files, 1 obsolete file)

You need at least two classifications, and a product restricted to some group.
- A user without privs (and who is not in the group above) who is logged out
clicks the 'New' link in the footer
-> he has to log in
- The user selects a classification
-> he has to log in again!!

Clicking the 'Home' link for example shows that the footer behaves as if you
were not logged in. Problem with cookies?
Using http://sniffuri.org/ I can see that a cookie is not being sent for the URL
enter_bug.cgi?Bugzilla_login=<login>&Bugzilla_password=<pass> in this
configuration but one is sent for
index.cgi?Bugzilla_login=<login>&Bugzilla_password=<pass> and
enter_bug.cgi?Bugzilla_login=<login>&Bugzilla_password=<pass>&classification=Unclassified
Flags: blocking2.20?
Target Milestone: --- → Bugzilla 2.20
Flags: blocking2.20? → blocking2.20+
I have tracked down the problem... kinda. In enter_bug.cgi, we call
GetVersionTable() right before we call Bugzilla->login(). Doing either one of
the following allows the login cookie to be sent:

1. Reverse the order of those two calls
2. comment out the |require "$datadir/versioncache"| line in globals.pl (and the
error catching stuff below it).

While number one is a quick and easy fix for this problem, others have been
mentioning mysterious multiple login problems that may be related to this. The
error has to be somewhere in this Version Cache generation stuff, I just don't
know exactly where.
Attached patch: Patch (obsolete)
OK, nix comment #2. I was in a hurry when I came upon what looked like a
solution and was only looking at the headers of the sniffuri output so I didn't
notice that when I did number 2 from comment #2 I was getting an error
page instead of the select classification page. I have no idea how I thought
number 1 worked.

Anyway, the real problem turned out to be that when outputting the select
classification page there was a |print "Content-type: text/html\n\n";| instead
of |print $cgi->header();|.

I'm not sure what could be causing the other mysterious multiple login problems
people are reporting, but I guess there wasn't a larger issue here :).
Assignee: create-and-change → jake
Status: NEW → ASSIGNED
Attachment #177634 - Flags: review?
Comment on attachment 177634
Patch

nice catch! r=LpSolit
Attachment #177634 - Flags: review? → review+
Flags: approval?
Comment on attachment 177634
Patch

We have the exact same issue in at least one other place.

Try to visit sanitycheck.cgi without being logged in. Log in when prompted,
wait for sanitycheck.cgi to load, then try to enter a new bug. In the footer
you will see that you "logged out", and after selecting the product you need to
log in again.

Instead of fixing random occurrences of this problem, I believe a simple search
for the "Content-type: text/html" text in .cgi files would allow us to solve
the bigger issue. sanitycheck.cgi uses the same method for printing headers, so
I guess the problem is identical.
Attachment #177634 - Flags: review-
Summary: Need to log in twice when submitting new bugs (with classification turned on) → print "Context-type..." is used instead of print $cgi->header() (cookies aren't sent in header)
Attached patch: Patch v2 (tip)
Every other instance of "content-type" turned up by grep -i seems logical (is
either in a comment or being used in association w/a ctype).
Attachment #177634 - Attachment is obsolete: true
Attachment #177660 - Flags: review?
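
The search proposed in the review above and the `grep -i` pass described with Patch v2, written out as an added example (not part of the bug report or of Bugzilla's code): it lists non-comment lines in `.cgi` files that print a literal Content-type header and so bypass `$cgi->header()`. The function names and the three sample scripts are constructed for illustration; headers printed from a heredoc are not detected.

```shell
#!/bin/sh
# Added example: find CGI scripts that print a literal Content-type header
# instead of calling $cgi->header(), so cookies are not sent (as in this bug).

# audit_raw_headers DIR
# Prints "./file:line:source" for every non-comment line in a *.cgi file
# under DIR where print is followed directly by a quoted "Content-type:".
audit_raw_headers() {
    (
        cd "$1" || exit 1
        # /dev/null forces grep to prefix each hit with the file name.
        find . -type f -name '*.cgi' -exec grep -inE \
            '^[^#]*print[[:space:]]*\(?[[:space:]]*["'\'']content-type:' \
            /dev/null {} + | sort
    )
}

# make_sample_tree DIR
# Writes three constructed sample scripts (not Bugzilla's real files).
make_sample_tree() {
    mkdir -p "$1"
    cat > "$1/a_raw.cgi" <<'EOF'
#!/usr/bin/perl -wT
my $cgi = Bugzilla->cgi;
print "Content-type: text/html\n\n";
EOF
    cat > "$1/b_raw.cgi" <<'EOF'
#!/usr/bin/perl -wT
print("Content-Type: text/html\n\n");
EOF
    cat > "$1/c_ok.cgi" <<'EOF'
#!/usr/bin/perl -wT
# print "Content-type: text/html\n\n";   (old code, commented out)
print $cgi->header();
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_raw_headers "$demo_dir"
rm -rf "$demo_dir"
```

Each hit still needs a manual look, as in the Patch v2 comment: a literal Content-type string can be legitimate when it is not the script's response header.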
Comment on attachment 177660
Patch v2 (tip)

Thanks to vladd for this catch! :)
Attachment #177660 - Flags: review? → review+
Flags: approval? → approval+
Checking in enter_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/enter_bug.cgi,v  <--  enter_bug.cgi
new revision: 1.111; previous revision: 1.110
done
Checking in sanitycheck.cgi;
/cvsroot/mozilla/webtools/bugzilla/sanitycheck.cgi,v  <--  sanitycheck.cgi
new revision: 1.91; previous revision: 1.90
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
We want it for 2.18.1 too
Status: RESOLVED → REOPENED
Flags: blocking2.18.1?
Resolution: FIXED → ---
Target Milestone: Bugzilla 2.20 → Bugzilla 2.18
Flags: blocking2.18.1? → blocking2.18.1+
Attachment #177660 - Attachment description: Patch v2 → Patch v2 (tip)
Only sanitycheck.cgi is affected in 2.18 as classification does not exist yet.
Attachment #177808 - Flags: review?
Attachment #177808 - Flags: review? → review+
Summary: print "Context-type..." is used instead of print $cgi->header() (cookies aren't sent in header) → print "Content-type..." is used instead of print $cgi->header() (cookies aren't sent in header)
Flags: approval2.18+
For 2.18:

Checking in sanitycheck.cgi;
/cvsroot/mozilla/webtools/bugzilla/sanitycheck.cgi,v  <--  sanitycheck.cgi
new revision: 1.72.2.2; previous revision: 1.72.2.1
done
Status: REOPENED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED