Closed Bug 335354 Opened 18 years ago Closed 17 years ago

editparams.cgi crashes when editing the 'languages' and 'defaultlanguage' parameters

Categories

(Bugzilla :: Administration, task, P2)

2.22

Tracking

()

RESOLVED FIXED
Bugzilla 3.0

People

(Reporter: spam, Assigned: LpSolit)

References

()

Details

Attachments

(3 files, 1 obsolete file)

1. copy entire template/en/ directory as other name(XX)
2. add the lang(XX) to languages param
3. post
4. delete the lang from languages param
5. post

then always get this:
--
 Bugzilla has suffered an internal error. Please save this page and send it to (maintainer) with details of what you were doing at the time this message appeared.

URL: (installation-of bugzilla)/bugzilla/editparams.cgi

Template->process() failed twice.
First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/share/perl/5.8/File/Temp.pm line 486.
--

this happens when set only one language,
e.g.: 2 to 1, or 3 to 1, not happen 3 to 2 etc.
this doesn't happen on tip, only 2.22.

actual value posted was saved so i set this as 'minor'
Whiteboard: [2.22 only]
Not that minor. I have no clue why it crashes on 2.22 only and not on tip. Bonsai shows that editparams.cgi, and its corresponding .pm and .html.tmpl files didn't change between 2.22 and tip.

The issue occurs at the last line (134) of editparams.cgi (visible when turning on die_with_dignity):

$template->process("admin/params/editparams.html.tmpl", $vars)
    || ThrowTemplateError($template->error());


Insecure dependency in require while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 607. Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486. file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/lib/perl5/5.8.7/File/Temp.pm line 486. at globals.pl line 103 main::die_with_dignity('Insecure dependency in sysopen while running with -T switch a...') called at /usr/lib/perl5/5.8.7/File/Temp.pm line 486 File::Temp::_gettemp('data/template/template/ga/default/admin/params/XXXXXXXXXX', 'open', 1, 'mkdir', 0, 'unlink_on_close', 0, 'suffixlen', 0, ...) called at /usr/lib/perl5/5.8.7/File/Temp.pm line 1273 File::Temp::tempfile('DIR', 'data/template/template/ga/default/admin/params') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 295 eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Document.pm line 292 Template::Document::write_perl_file('Template::Document', 'data/template/template/ga/default/admin/params/editparams.htm...', 'HASH(0x8c2b5ec)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 880 Template::Provider::_compile('Template::Provider=HASH(0x8a01b38)', 'HASH(0x8ba0a64)', 'data/template/template/ga/default/admin/params/editparams.htm...') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 556 Template::Provider::_fetch_path('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Provider.pm line 148 Template::Provider::fetch('Template::Provider=HASH(0x8a01b38)', 'admin/params/editparams.html.tmpl', 'undef') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Context.pm line 139 Template::Context::template('Template::Context=HASH(0x8a01940)', 'admin/params/editparams.html.tmpl') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72 eval {...} called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template/Service.pm line 72 Template::Service::process('Template::Service=HASH(0x89df0bc)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /usr/lib/perl5/vendor_perl/5.8.7/i386-linux/Template.pm line 71 Template::process('Bugzilla::Template=HASH(0x89a2ab4)', 'admin/params/editparams.html.tmpl', 'HASH(0x811e7a0)') called at /var/www/html/bugzilla222/editparams.cgi line 134
Severity: minor → normal
Flags: blocking2.22?
Keywords: qawanted
Priority: -- → P2
(In reply to comment #0)
> this happens when set only one language,
> e.g.: 2 to 1, or 3 to 1, not happen 3 to 2 etc.

The problem also occurs with 1 to 1 (e.g. en to foo, also with foo to en).
Flags: blocking2.22? → blocking2.22.1?
So, everything works fine, but Bugzilla just throws an error. That's not a blocker.
Flags: blocking2.22.1? → blocking2.22.1-
*** Bug 346674 has been marked as a duplicate of this bug. ***
I definitely don't understand why it fails when only one language is given. I don't see why it's tainted in this case. It seems that it fails on the removed language. But maybe is it just a coincidence.
Keywords: helpwanted
Do you have different versions of File::Temp on your 2.22 installation and on your tip installation? Maybe that's it.
(In reply to comment #6)
> Do you have different versions of File::Temp on your 2.22 installation and on
> your tip installation?

Of course not. :-/
now line number changed.
 probably different version of File::Temp module.
 (current: $VERSION = '0.17';)

 First error: file error - cache failed to write editparams.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
Second error: file error - cache failed to write code-error.html.tmpl: Insecure dependency in sysopen while running with -T switch at /usr/local/share/perl/5.8.7/File/Temp.pm line 502.
2.22 is now restricted to security bugs only, and 3.0 is not affected by this bug. wontfix
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: qawanted
Resolution: --- → WONTFIX
Target Milestone: Bugzilla 2.22 → ---
Reopening! This bug seems to be back, but with a different error message:

Template->process() failed twice.
First error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.
Second error: undef error - Not a GLOB reference at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I can reproduce on 3.0.1 and 3.1.1 (with the fix from bug 390756). No idea why this error message changed though. Maybe is it because I upgraded TT or any other package? Anyway, the error message is different, but the crash still occurs.
Status: RESOLVED → REOPENED
Keywords: qawanted
Resolution: WONTFIX → ---
Whiteboard: [2.22 only]
(In reply to comment #10)
> First error: undef error - Not a GLOB reference at
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Template/Provider.pm line 646.

I added |print ref($name)| right before LOAD: in Template/Provider.pm and it says HASH, not GLOB! Moreover, it's an emtpy hashref, it has no key; scalar(keys %$name) returns 0.

    LOAD: {
        if (ref $name eq 'SCALAR') {
            # $name can be a SCALAR reference to the input text...
            ...
        }
        elsif (ref $name) {
            # ...or a GLOB or file handle...
            my $text = <$name>;
            ...
Attached file debug
If this can help someone track the problem, here is what I could get.
When I ask Bugzilla::Template::Hook::process() to display one path per row it's looking at, I get:

./template/en, fr/custom

./template/en, fr/default

./template/en/custom

./template/en/default

Do you see the problem? The first two rows contains: /en, fr/ instead of /fr/ alone, i.e. Bugzilla->params->{'languages'} is not split on commas!
Attached patch patch for 3.1, v1 (obsolete) — Splinter Review
Here we go. Seems to fix the problem for me on 3.1.1. I will backport it to branches tomorrow... it's 5am and I'm really tired now.
Assignee: administration → LpSolit
Status: REOPENED → ASSIGNED
Attachment #277034 - Flags: review?(wurblzap)
Attachment #277034 - Flags: review?(mkanat)
Comment on attachment 277034 [details] [diff] [review]
patch for 3.1, v1

Fixes issue (tested in conjunction with the patch of bug 390756), code all right; r=Wurblzap.
Attachment #277034 - Flags: review?(wurblzap) → review+
The problem is a bit different for 3.0.1. I thought I was writing "en, fr" in the 'languages' field, but I was writing it in the 'defaultlanguage' field, and the validation routine didn't even complain about that! But then TT was looking for this weird "template/en, fr/default" path, which crashes it.

Also, changing 'defaultlanguage' crashes Bugzilla due to a taint issue in User::Setting::add_setting(). Yes, Bugzilla->params->{'defaultlanguage'} is tainted!

And finally, writing "en, en" in the 'languages' field crashes Bugzilla again because User::Setting::add_setting() tries to insert 'en' twice in the DB, generating a duplicated key.

My patch addresses all these problems.
Attachment #277068 - Flags: review?(wurblzap)
Updated patch for 3.1 to address this duplicated key error when writing 'en, en' in the 'languages' field. The validation routine is a bit cleaner than for 3.0.1 because 'defaultlanguage' no longer exists.
Attachment #277034 - Attachment is obsolete: true
Attachment #277069 - Flags: review?(wurblzap)
Attachment #277034 - Flags: review?(mkanat)
Keywords: helpwanted, qawanted
Target Milestone: --- → Bugzilla 3.0
Comment on attachment 277068 [details] [diff] [review]
patch for 3.0, v1

>+       push(@validated_languages, $language) unless $lang_seen{$language}++

Don't worry, I will add the missing semicolon on checkin, despite it doesn't hurt here. ;)
Maybe it's a separate bug, but I think editparams.cgi should remove duplicate entries from languages. Your patch wouldn't have to worry about such an (imho senseless) setting. Oh well; this doesn't matter after bug 365378.
(In reply to comment #19)
> Maybe it's a separate bug, but I think editparams.cgi should remove duplicate
> entries from languages.

It does remove them. Bugzilla::Config::Common contains all the validation routines used by editparams.cgi.
Comment on attachment 277069 [details] [diff] [review]
patch for 3.1, v2

This certainly looks right to me, but I'll let Wurblzap verify.
Attachment #277069 - Flags: review+
Attachment #277069 - Flags: review?(wurblzap) → review+
Attachment #277068 - Flags: review?(wurblzap) → review+
Tested; both work. Code is good. r=Wurblzap.
Flags: approval?
Flags: approval3.0?
Flags: approval?
Flags: approval3.0?
Flags: approval3.0+
Flags: approval+
tip:

Checking in Bugzilla/Template.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Template.pm,v  <--  Template.pm
new revision: 1.74; previous revision: 1.73
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.17; previous revision: 1.16
done
Checking in Bugzilla/Install/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/Util.pm,v  <--  Util.pm
new revision: 1.8; previous revision: 1.7
done


3.0:

Checking in editparams.cgi;
/cvsroot/mozilla/webtools/bugzilla/editparams.cgi,v  <--  editparams.cgi
new revision: 1.43.2.1; previous revision: 1.43
done
Checking in Bugzilla/Config/Common.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Common.pm,v  <--  Common.pm
new revision: 1.14.2.1; previous revision: 1.14
done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED
Summary: 'Template->process() failed twice' when make languages param multiple to 1 → editparams.cgi crashes when editing the 'languages' and 'defaultlanguage' parameters
You need to log in before you can comment on or make changes to this bug.