Bug 335354 - editparams.cgi crashes when editing the 'languages' and 'defaultlanguage' parameters
Status: RESOLVED FIXED
Product: Bugzilla
Classification: Server Software
Component: Administration
Version: 2.22
Platform: All All
Importance: P2 normal
Target Milestone: Bugzilla 3.0
Assigned To: Frédéric Buclin
QA Contact: default-qa
URL: editparams.cgi?section=l10n#languages
Duplicates: 346674

Reported: 2006-04-25 02:52 PDT by victory <never@receive.bug.mails.i.hate.spammer>
Modified: 2007-08-20 14:10 PDT
LpSolit: approval+
LpSolit: approval3.0+
mkanat: blocking2.22.1-
Attachments
debug (3.50 KB, text/plain)
2007-08-16 19:14 PDT, Frédéric Buclin
patch for 3.1, v1 (1.38 KB, patch)
2007-08-16 20:01 PDT, Frédéric Buclin
wurblzap: review+
patch for 3.0, v1 (2.16 KB, patch)
2007-08-17 03:52 PDT, Frédéric Buclin
wurblzap: review+
patch for 3.1, v2 (2.54 KB, patch)
2007-08-17 03:55 PDT, Frédéric Buclin
wurblzap: review+
mkanat: review+

Description victory <never@receive.bug.mails.i.hate.spammer> 2006-04-25 02:52:59 PDT
1. Copy the entire template/en/ directory under another name (XX)
2. Add the lang (XX) to the languages param
3. Post
4. Delete the lang from the languages param
5. Post

Then always get this:
--
 Bugzilla has suffered an internal error. Please save this page and send it to (maintainer) with details of what you were doing at the time this message appeared.

URL: (installation-of bugzilla)/bugzilla/editparams.cgi

Template->process() failed twice.
First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
--

This happens when setting only one language,
e.g. 2 to 1, or 3 to 1; it does not happen with 3 to 2, etc.
This doesn't happen on tip, only 2.22.

The actual value posted was saved, so I set this as 'minor'.
Comment 1 Frédéric Buclin 2006-04-25 07:22:58 PDT
Not that minor. I have no clue why it crashes on 2.22 only and not on tip. Bonsai shows that editparams.cgi, and its corresponding .pm and .html.tmpl files didn't change between 2.22 and tip.

The issue occurs at the last line (134) of editparams.cgi (visible when turning on die_with_dignity):

$template->process("admin/params/editparams.html.tmpl", $vars)
    || ThrowTemplateError($template->error());


Insecure dependency in require while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 607.
Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486.
file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486.
 at globals.pl line 103
    main::die_with_dignity('Insecure dependency in sysopen while running with -T switch a...') called at /usr/lib/perl5/5.8.7/File/Temp.pm line 486
    File::Temp::_gettemp('data/template/template/ga/default/admin/params/XXXXXXXXXX', 'open', 1, 'mkdir', 0, 'unlink_on_close', 0, 'suffixlen', 0, ...) called at /usr/lib/perl5/5.8.7/File/Temp.pm line 1273
    File::Temp::tempfile('DIR', 'data/template/template/ga/default/admin/params') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 295
    eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 292
    Template::Document::write_perl_file('Template::Document', 'data/template/template/ga/default/admin/params/editparams.htm...', 'HASH(0x8c2b5ec)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 880
    Template::Provider::_compile('Template::Provider=HASH(0x8a01b38)', 'HASH(0x8ba0a64)', 'data/template/template/ga/default/admin/params/editparams.htm...') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 556
    Template::Provider::_fetch_path('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 148
    Template::Provider::fetch('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl', 'undef') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Context.pm line 139
    Template::Context::template('Template::Context=HASH(0x8a01940)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72
    eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72
    Template::Service::process('Template::Service=HASH(0x89df0bc)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template.pm line 71
    Template::process('Bugzilla::Template=HASH(0x89a2ab4)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /var/www/html/bugzilla222/editparams.cgi line 134
Comment 2 Frédéric Buclin 2006-04-25 07:26:21 PDT
(In reply to comment #0)
> This happens when setting only one language,
> e.g. 2 to 1, or 3 to 1; it does not happen with 3 to 2, etc.

The problem also occurs with 1 to 1 (e.g. en to foo, also with foo to en).
Comment 3 Max Kanat-Alexander 2006-04-25 12:03:03 PDT
So, everything works fine, but Bugzilla just throws an error. That's not a blocker.
Comment 4 Frédéric Buclin 2006-07-31 07:01:44 PDT
*** Bug 346674 has been marked as a duplicate of this bug. ***
Comment 5 Frédéric Buclin 2006-08-18 18:53:41 PDT
I definitely don't understand why it fails when only one language is given. I don't see why it's tainted in this case. It seems that it fails on the removed language. But maybe it is just a coincidence.
Comment 6 Max Kanat-Alexander 2006-08-19 10:53:40 PDT
Do you have different versions of File::Temp on your 2.22 installation and on your tip installation? Maybe that's it.
Comment 7 Frédéric Buclin 2006-08-19 10:55:17 PDT
(In reply to comment #6)
> Do you have different versions of File::Temp on your 2.22 installation and on
> your tip installation?

Of course not. :-/
Comment 8 victory <never@receive.bug.mails.i.hate.spammer> 2006-10-19 12:04:27 PDT
Now the line number changed.
Probably a different version of the File::Temp module.
(current: $VERSION = '0.17';)

First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
Comment 9 Frédéric Buclin 2007-06-02 03:16:49 PDT
2.22 is now restricted to security bugs only, and 3.0 is not affected by this bug. wontfix
Comment 10 Frédéric Buclin 2007-08-16 18:29:10 PDT
Reopening! This bug seems to be back, but with a different error message:

Template->process() failed twice.
First error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.
Second error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I can reproduce on 3.0.1 and 3.1.1 (with the fix from bug 390756). No idea why this error message changed though. Maybe it is because I upgraded TT or any other package? Anyway, the error message is different, but the crash still occurs.
Comment 11 Frédéric Buclin 2007-08-16 18:46:32 PDT
(In reply to comment #10)
> First error: undef error - Not a GLOB reference at
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I added |print ref($name)| right before LOAD: in Template/Provider.pm and it says HASH, not GLOB! Moreover, it's an empty hashref, it has no key; scalar(keys %$name) returns 0.

    LOAD: {
        if (ref $name eq 'SCALAR') {
            # $name can be a SCALAR reference to the input text...
            ...
        }
        elsif (ref $name) {
            # ...or a GLOB or file handle...
            my $text = <$name>;
            ...
Comment 12 Frédéric Buclin 2007-08-16 19:14:25 PDT
Created attachment 277031
debug

If this can help someone track the problem, here is what I could get.
Comment 13 Frédéric Buclin 2007-08-16 19:39:14 PDT
When I ask Bugzilla::Template::Hook::process() to display one path per row it's looking at, I get:

./template/en, fr/custom

./template/en, fr/default

./template/en/custom

./template/en/default

Do you see the problem? The first two rows contain: /en, fr/ instead of /fr/ alone, i.e. Bugzilla->params->{'languages'} is not split on commas!
Comment 14 Frédéric Buclin 2007-08-16 20:01:15 PDT
Created attachment 277034
patch for 3.1, v1

Here we go. Seems to fix the problem for me on 3.1.1. I will backport it to branches tomorrow... it's 5am and I'm really tired now.
Comment 15 Marc Schumann [:Wurblzap] 2007-08-16 22:18:41 PDT
Comment on attachment 277034
patch for 3.1, v1

Fixes issue (tested in conjunction with the patch of bug 390756), code all right; r=Wurblzap.
Comment 16 Frédéric Buclin 2007-08-17 03:52:05 PDT
Created attachment 277068
patch for 3.0, v1

The problem is a bit different for 3.0.1. I thought I was writing "en, fr" in the 'languages' field, but I was writing it in the 'defaultlanguage' field, and the validation routine didn't even complain about that! But then TT was looking for this weird "template/en, fr/default" path, which crashes it.

Also, changing 'defaultlanguage' crashes Bugzilla due to a taint issue in User::Setting::add_setting(). Yes, Bugzilla->params->{'defaultlanguage'} is tainted!

And finally, writing "en, en" in the 'languages' field crashes Bugzilla again because User::Setting::add_setting() tries to insert 'en' twice in the DB, generating a duplicated key.

My patch addresses all these problems.
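
The checks described in comments 13 and 16, as an added Perl example that is not Bugzilla's code or the attached patch: split the list on commas, untaint each code through a strict pattern, drop duplicates, and require 'defaultlanguage' to be a single code from the list. The function names and the language-code pattern are assumptions.

```perl
use strict;
use warnings;

# Added example, not Bugzilla's code. Function names and the language-code
# pattern are assumptions. Run with `perl -T` to exercise it in taint mode.

# Split a comma-separated 'languages' value, untaint each code, drop duplicates.
sub parse_languages {
    my ($raw) = @_;
    my (@valid, @errors, %seen);
    foreach my $item (split /,/, $raw) {
        $item =~ s/^\s+|\s+$//g;    # trim surrounding whitespace
        next if $item eq '';
        # The capture both validates and untaints: only a short tag such as
        # "en" or "pt-BR" passes, so no "/", "..", space or comma can end up
        # in a template path handed to Template Toolkit.
        if ($item =~ /^([A-Za-z]{2,3}(?:-[A-Za-z]{2,4})?)$/) {
            my $lang = $1;
            push @valid, $lang unless $seen{lc $lang}++;
        }
        else {
            push @errors, "invalid language code '$item'";
        }
    }
    push @errors, 'no language given' unless @valid;
    return (\@valid, \@errors);
}

# 'defaultlanguage' must be exactly one code that is also in 'languages'.
sub check_default_language {
    my ($raw, $languages) = @_;
    my ($valid, $errors) = parse_languages($raw);
    return (undef, $errors->[0]) if @$errors;
    return (undef, 'exactly one language expected') if @$valid != 1;
    return (undef, "'$valid->[0]' is not in 'languages'")
        unless grep { $_ eq $valid->[0] } @$languages;
    return ($valid->[0], undef);
}

# Constructed inputs mirroring the cases in this report.
my ($langs, $errs) = parse_languages('en, fr, en');
print "languages: @$langs (", scalar(@$errs), " errors)\n";
for my $default ('fr', 'en, fr', '../x', 'de') {
    my ($ok, $why) = check_default_language($default, $langs);
    print "default '$default': ", ($ok // "rejected ($why)"), "\n";
}
```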
Comment 17 Frédéric Buclin 2007-08-17 03:55:16 PDT
Created attachment 277069
patch for 3.1, v2

Updated patch for 3.1 to address this duplicated key error when writing 'en, en' in the 'languages' field. The validation routine is a bit cleaner than for 3.0.1 because 'defaultlanguage' no longer exists.
Comment 18 Frédéric Buclin 2007-08-17 08:48:27 PDT
Comment on attachment 277068
patch for 3.0, v1

>+       push(@validated_languages, $language) unless $lang_seen{$language}++

Don't worry, I will add the missing semicolon on checkin, even though it doesn't hurt here. ;)
Comment 19 Marc Schumann [:Wurblzap] 2007-08-17 14:07:27 PDT
Maybe it's a separate bug, but I think editparams.cgi should remove duplicate entries from languages. Your patch wouldn't have to worry about such an (imho senseless) setting. Oh well; this doesn't matter after bug 365378.
Comment 20 Frédéric Buclin 2007-08-17 14:12:18 PDT
(In reply to comment #19)
> Maybe it's a separate bug, but I think editparams.cgi should remove duplicate
> entries from languages.

It does remove them. Bugzilla::Config::Common contains all the validation routines used by editparams.cgi.
Comment 21 Max Kanat-Alexander 2007-08-17 17:18:34 PDT
Comment on attachment 277069
patch for 3.1, v2

This certainly looks right to me, but I'll let Wurblzap verify.
Comment 22 Marc Schumann [:Wurblzap] 2007-08-20 13:40:43 PDT
Tested; both work. Code is good. r=Wurblzap.
Comment 23 Frédéric Buclin 2007-08-20 14:10:17 PDT
tip:

Checking in Bugzilla/Template.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Template.pm,v  <--  Template.pm
new revision: 1.74; previous revision: 1.73
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.17; previous revision: 1.16
done
Checking in Bugzilla/Install/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/Util.pm,v  <--  Util.pm
new revision: 1.8; previous revision: 1.7
done


3.0:

Checking in editparams.cgi;
/cvsroot/mozilla/webtools/bugzilla/editparams.cgi,v  <--  editparams.cgi
new revision: 1.43.2.1; previous revision: 1.43
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.14.2.1; previous revision: 1.14
done
