editparams.cgi crashes when editing the 'languages' and 'defaultlanguage' parameters

RESOLVED FIXED in Bugzilla 3.0

Status

()

Bugzilla
Administration
P2
normal
RESOLVED FIXED
11 years ago
10 years ago

People

(Reporter: victory <never@receive.bug.mails.i.hate.spammer>, Assigned: Frédéric Buclin)

Tracking

2.22
Bugzilla 3.0
Bug Flags:
approval +
approval3.0 +
blocking2.22.1 -

Details

(URL)

Attachments

(3 attachments, 1 obsolete attachment)

1. copy entire template/en/ directory as other name(XX)
2. add the lang(XX) to languages param
3. post
4. delete the lang from languages param
5. post

then always get this:
--
 Bugzilla has suffered an internal error. Please save this page and send it to (maintainer) with details of what you were doing at the time this message appeared.

URL: (installation-of bugzilla)/bugzilla/editparams.cgi

Template->process() failed twice.
First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
--

this happens when set only one language,
e.g.: 2 to 1, or 3 to 1, not happen 3 to 2 etc.
this doesn't happen on tip, only 2.22.

actual value posted was saved so i set this as 'minor'
Whiteboard: [2.22 only]
(Assignee)

Comment 1

11 years ago
Not that minor. I have no clue why it crashes on 2.22 only and not on tip. Bonsai shows that editparams.cgi, and its corresponding .pm and .html.tmpl files didn't change between 2.22 and tip.

The issue occurs at the last line (134) of editparams.cgi (visible when turning on die_with_dignity):

$template->process("admin/params/editparams.html.tmpl", $vars)
    || ThrowTemplateError($template->error());


Insecure dependency in require while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 607. Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486. file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486. at globals.pl line 103 main::die_with_dignity('Insecure dependency in sysopen while running with -T switch a...') called at /usr/lib/perl5/5.8.7/File/Temp.pm line 486 File::Temp::_gettemp('data/template/template/ga/default/admin/params/XXXXXXXXXX', 'open', 1, 'mkdir', 0, 'unlink_on_close', 0, 'suffixlen', 0, ...) called at /usr/lib/perl5/5.8.7/File/Temp.pm line 1273 File::Temp::tempfile('DIR', 'data/template/template/ga/default/admin/params') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 295 eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 292 Template::Document::write_perl_file('Template::Document', 'data/template/template/ga/default/admin/params/editparams.htm...', 'HASH(0x8c2b5ec)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 880 Template::Provider::_compile('Template::Provider=HASH(0x8a01b38)', 'HASH(0x8ba0a64)', 'data/template/template/ga/default/admin/params/editparams.htm...') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 556 Template::Provider::_fetch_path('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 148 Template::Provider::fetch('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl', 'undef') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Context.pm line 139 Template::Context::template('Template::Context=HASH(0x8a01940)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72 eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72 Template::Service::process('Template::Service=HASH(0x89df0bc)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template.pm line 71 Template::process('Bugzilla::Template=HASH(0x89a2ab4)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /var/www/html/bugzilla222/editparams.cgi line 134
Severity: minor → normal
Flags: blocking2.22?
Keywords: qawanted
Priority: -- → P2
(Assignee)

Comment 2

11 years ago
(In reply to comment #0)
> this happens when set only one language,
> e.g.: 2 to 1, or 3 to 1, not happen 3 to 2 etc.

The problem also occurs with 1 to 1 (e.g. en to foo, also with foo to en).
(Assignee)

Updated

11 years ago
(Assignee)

Updated

11 years ago
Flags: blocking2.22? → blocking2.22.1?

Comment 3

11 years ago
So, everything works fine, but Bugzilla just throws an error. That's not a blocker.
Flags: blocking2.22.1? → blocking2.22.1-
(Assignee)

Comment 4

11 years ago
*** Bug 346674 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 5

11 years ago
I definitely don't understand why it fails when only one language is given. I don't see why it's tainted in this case. It seems that it fails on the removed language. But maybe is it just a coincidence.
Keywords: helpwanted

Comment 6

11 years ago
Do you have different versions of File::Temp on your 2.22 installation and on your tip installation? Maybe that's it.
(Assignee)

Comment 7

11 years ago
(In reply to comment #6)
> Do you have different versions of File::Temp on your 2.22 installation and on
> your tip installation?

Of course not. :-/
now line number changed.
 probably different version of File::Temp module.
 (current: $VERSION = '0.17';)

 First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
(Assignee)

Comment 9

10 years ago
2.22 is now restricted to security bugs only, and 3.0 is not affected by this bug. wontfix
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Keywords: qawanted
Resolution: --- → WONTFIX
Target Milestone: Bugzilla 2.22 → ---
(Assignee)

Comment 10

10 years ago
Reopening! This bug seems to be back, but with a different error message:

Template->process() failed twice.
First error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.
Second error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I can reproduce on 3.0.1 and 3.1.1 (with the fix from bug 390756). No idea why this error message changed though. Maybe is it because I upgraded TT or any other package? Anyway, the error message is different, but the crash still occurs.
Status: RESOLVED → REOPENED
Keywords: qawanted
Resolution: WONTFIX → ---
Whiteboard: [2.22 only]
(Assignee)

Comment 11

10 years ago
(In reply to comment #10)
> First error: undef error - Not a GLOB reference at
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I added |print ref($name)| right before LOAD: in Template/Provider.pm and it says HASH, not GLOB! Moreover, it's an emtpy hashref, it has no key; scalar(keys %$name) returns 0.

    LOAD: {
        if (ref $name eq 'SCALAR') {
            # $name can be a SCALAR reference to the input text...
            ...
        }
        elsif (ref $name) {
            # ...or a GLOB or file handle...
            my $text = <$name>;
            ...
(Assignee)

Comment 12

10 years ago
Created attachment 277031 [details]
debug

If this can help someone track the problem, here is what I could get.
(Assignee)

Comment 13

10 years ago
When I ask Bugzilla::Template::Hook::process() to display one path per row it's looking at, I get:

./template/en, fr/custom

./template/en, fr/default

./template/en/custom

./template/en/default

Do you see the problem? The first two rows contains: /en, fr/ instead of /fr/ alone, i.e. Bugzilla->params->{'languages'} is not split on commas!
(Assignee)

Comment 14

10 years ago
Created attachment 277034 [details] [diff] [review]
patch for 3.1, v1

Here we go. Seems to fix the problem for me on 3.1.1. I will backport it to branches tomorrow... it's 5am and I'm really tired now.
Assignee: administration → LpSolit
Status: REOPENED → ASSIGNED
Attachment #277034 - Flags: review?(wurblzap)
Attachment #277034 - Flags: review?(mkanat)
Comment on attachment 277034 [details] [diff] [review]
patch for 3.1, v1

Fixes issue (tested in conjunction with the patch of bug 390756), code all right; r=Wurblzap.
Attachment #277034 - Flags: review?(wurblzap) → review+
(Assignee)

Comment 16

10 years ago
Created attachment 277068 [details] [diff] [review]
patch for 3.0, v1

The problem is a bit different for 3.0.1. I thought I was writing "en, fr" in the 'languages' field, but I was writing it in the 'defaultlanguage' field, and the validation routine didn't even complain about that! But then TT was looking for this weird "template/en, fr/default" path, which crashes it.

Also, changing 'defaultlanguage' crashes Bugzilla due to a taint issue in User::Setting::add_setting(). Yes, Bugzilla->params->{'defaultlanguage'} is tainted!

And finally, writing "en, en" in the 'languages' field crashes Bugzilla again because User::Setting::add_setting() tries to insert 'en' twice in the DB, generating a duplicated key.

My patch addresses all these problems.
Attachment #277068 - Flags: review?(wurblzap)
(Assignee)

Comment 17

10 years ago
Created attachment 277069 [details] [diff] [review]
patch for 3.1, v2

Updated patch for 3.1 to address this duplicated key error when writing 'en, en' in the 'languages' field. The validation routine is a bit cleaner than for 3.0.1 because 'defaultlanguage' no longer exists.
Attachment #277034 - Attachment is obsolete: true
Attachment #277069 - Flags: review?(wurblzap)
Attachment #277034 - Flags: review?(mkanat)
(Assignee)

Updated

10 years ago
Keywords: helpwanted, qawanted
Target Milestone: --- → Bugzilla 3.0
(Assignee)

Comment 18

10 years ago
Comment on attachment 277068 [details] [diff] [review]
patch for 3.0, v1

>+       push(@validated_languages, $language) unless $lang_seen{$language}++

Don't worry, I will add the missing semicolon on checkin, despite it doesn't hurt here. ;)
Maybe it's a separate bug, but I think editparams.cgi should remove duplicate entries from languages. Your patch wouldn't have to worry about such an (imho senseless) setting. Oh well; this doesn't matter after bug 365378.
(Assignee)

Comment 20

10 years ago
(In reply to comment #19)
> Maybe it's a separate bug, but I think editparams.cgi should remove duplicate
> entries from languages.

It does remove them. Bugzilla::Config::Common contains all the validation routines used by editparams.cgi.

Comment 21

10 years ago
Comment on attachment 277069 [details] [diff] [review]
patch for 3.1, v2

This certainly looks right to me, but I'll let Wurblzap verify.
Attachment #277069 - Flags: review+
Attachment #277069 - Flags: review?(wurblzap) → review+
Attachment #277068 - Flags: review?(wurblzap) → review+
Tested; both work. Code is good. r=Wurblzap.
Flags: approval?
Flags: approval3.0?
(Assignee)

Updated

10 years ago
Flags: approval?
Flags: approval3.0?
Flags: approval3.0+
Flags: approval+
(Assignee)

Comment 23

10 years ago
tip:

Checking in Bugzilla/Template.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Template.pm,v  <--  Template.pm
new revision: 1.74; previous revision: 1.73
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.17; previous revision: 1.16
done
Checking in Bugzilla/Install/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/Util.pm,v  <--  Util.pm
new revision: 1.8; previous revision: 1.7
done


3.0:

Checking in editparams.cgi;
/cvsroot/mozilla/webtools/bugzilla/editparams.cgi,v  <--  editparams.cgi
new revision: 1.43.2.1; previous revision: 1.43
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.14.2.1; previous revision: 1.14
done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago10 years ago
Resolution: --- → FIXED
Summary: 'Template->process() failed twice' when make languages param multiple to 1 → editparams.cgi crashes when editing the 'languages' and 'defaultlanguage' parameters
You need to log in before you can comment on or make changes to this bug.