Closed
Bug 347213
Opened 18 years ago
Closed 17 years ago
process bug doesn't seem to let me preemptively mark a bug into a group when the old product didn't allow it
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 3.2
People
(Reporter: timeless, Assigned: LpSolit)
References
()
Details
Attachments
(1 file, 1 obsolete file)
|
26.55 KB,
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
Steps: 0. be a member of two groups (webtools security, security) 1. load a bug 304224 that's in a product with one group (webtools security) 2. change the product to a product (mozilla.org) that allows you to use a different group (security) 3. tag the bug as webtools security (to make it easier for you to hack the url later) 4. use frmget javascript:(function(){var x,i; x = document.forms; for (i = 0; i < x.length; ++i) x[i].method=%22get%22; alert(%22Changed %22 + x.length + %22 forms to use the GET method. After submitting a form from this page, you should be able to bookmark the result.%22); })(); 5. enter '@' into the cc list 6. click commit 7. hack the url so that it seems to have every bit you can possibly imagine (without looking up a list of bits): https://bugzilla.mozilla.org/process_bug.cgi?delta_ts=2005-09-22+02%3A16%3A40&longdesclength=5&id=304224&alias=&product=mozilla.org&component=Attachments+%26+Requests&rep_platform=PC&op_sys=Windows+XP&version=2.19.1&priority=--&bug_severity=trivial&target_milestone=---&newcc=&cc=&qa_contact=nobody%40mozilla.org&bug_file_loc=&short_desc=This+is+a+security+bug+for+testing+purposes&status_whiteboard=&keywords=&dependson=&blocked=&comment=moving+this+bug+in+order+to+reset+the+flag&bit-1=1&bit-2=1&bit-3=1&bit-4=1&bit-5=1&bit-6=1&bit-7=1&bit-8=1&bit-9=1&bit-10=1&bit-11=1&bit-12=1&bit-13=1&bit-14=1&bit-15=1&bit-16=1&bit-17=1&bit-18=1&bit-19=1&bit-20=1&bit-21=1&knob=none&form_name=process_bug (don't forget to remove &newcc=%40) 8. you'll get a page that looks like this: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Verify New Product Details...</title> <link rel="icon" href="mozilla-16.png" type="image/png"> <link rel="Top" href="https://bugzilla.mozilla.org/"> <link rel="Saved Searches" title="My Bugs" href="buglist.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailreporter1=1&emailtype1=exact&email1=timeless%40bemail.org&field0-0-0=bug_status&type0-0-0=notequals&value0-0-0=UNCONFIRMED&field0-0-1=reporter&type0-0-1=equals&value0-0-1=timeless%40bemail.org"> <link rel="Saved Searches" title="* Ready" href="buglist.cgi?cmdtype=runnamed&namedcmd=%2A%20Ready"> <link rel="Saved Searches" title="beos-checkins" href="buglist.cgi?cmdtype=runnamed&namedcmd=beos-checkins"> <link rel="Saved Searches" title="Camino" href="buglist.cgi?cmdtype=runnamed&namedcmd=Camino"> <link rel="Saved Searches" title="check1.8.0.2" href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.0.2"> <link rel="Saved Searches" title="check1.8.0.2" href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.0.2"> <link rel="Saved Searches" title="check1.8.1" href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.1"> <link rel="Saved Searches" title="check1.8.1" href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.1"> <link rel="Saved Searches" title="nbaca" href="buglist.cgi?cmdtype=runnamed&namedcmd=nbaca"> <link rel="Saved Searches" title="old verifyme" href="buglist.cgi?cmdtype=runnamed&namedcmd=old%20verifyme"> <link rel="Saved Searches" title="patched" href="buglist.cgi?cmdtype=runnamed&namedcmd=patched"> <link rel="Saved Searches" title="QA" href="buglist.cgi?cmdtype=runnamed&namedcmd=QA"> <link rel="Saved Searches" title="Ready" href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready"> <link rel="Saved Searches" title="Ready" href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready"> <link rel="Saved Searches" title="Ready (Locked)" href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready%20%28Locked%29"> <link rel="Saved Searches" title="Ready (Locked)" href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready%20%28Locked%29"> <link rel="Saved Searches" title="requests" href="buglist.cgi?cmdtype=runnamed&namedcmd=requests"> <link rel="Saved Searches" title="requests" href="buglist.cgi?cmdtype=runnamed&namedcmd=requests"> <link rel="Saved Searches" title="security-month" href="buglist.cgi?cmdtype=runnamed&namedcmd=security-month"> <link rel="Saved Searches" title="solaris" href="buglist.cgi?cmdtype=runnamed&namedcmd=solaris"> <link rel="Saved Searches" title="sun" href="buglist.cgi?cmdtype=runnamed&namedcmd=sun"> <link rel="Saved Searches" title="test" href="buglist.cgi?cmdtype=runnamed&namedcmd=test"> <link rel="Saved Searches" title="test" href="buglist.cgi?cmdtype=runnamed&namedcmd=test"> <link rel="Saved Searches" title="timeless" href="buglist.cgi?cmdtype=runnamed&namedcmd=timeless"> <link rel="Administration" title="Products" href="editproducts.cgi"><link rel="Administration" title="Flag Types" href="editflagtypes.cgi"><link rel="Administration" title="Keywords" href="editkeywords.cgi"><link rel="Administration" title="Whining" href="editwhines.cgi"> <script type="text/javascript"> <!-- function initHelp() {} // --> </script> <link href="skins/standard/global.css" rel="stylesheet" type="text/css"> <link href="skins/custom/global.css" rel="stylesheet" type="text/css"> </head> <body onload="" class="bugzilla-mozilla-org"> <div id="container"> <div id="mozilla-org"><a href="http://www.mozilla.org/" title="Visit mozilla.org">Visit mozilla.org</a></div> <div id="banner"> <div class="intro"></div> <p id="banner-name"> <a href="https://bugzilla.mozilla.org/" title="Return to Bugzilla Home"> <span>Mozilla's Bugzilla</span> </a></p> <p id="banner-version"> <span>Bugzilla</span> <span>Version 2.20+</span> </p> <div class="outro"></div> </div> <div style="clear: both;"></div> <div id="header"> <h1>Verify New Product Details...</h1> </div> <form action="process_bug.cgi" method="post"> <input type="hidden" name="delta_ts" value="2005-09-22 02:16:40"> <input type="hidden" name="longdesclength" value="5"> <input type="hidden" name="id" value="304224"> <input type="hidden" name="alias" value=""> <input type="hidden" name="product" value="mozilla.org"> <input type="hidden" name="rep_platform" value="PC"> <input type="hidden" name="op_sys" value="Windows XP"> <input type="hidden" name="priority" value="--"> <input type="hidden" name="bug_severity" value="trivial"> <input type="hidden" name="cc" value=""> <input type="hidden" name="bug_file_loc" value=""> <input type="hidden" name="short_desc" value="This is a security bug for testing purposes"> <input type="hidden" name="status_whiteboard" value=""> <input type="hidden" name="keywords" value=""> <input type="hidden" name="dependson" value=""> <input type="hidden" name="blocked" value=""> <input type="hidden" name="comment" value="moving this bug in order to reset the flag"> <input type="hidden" name="bit-1" value="1"> <input type="hidden" name="bit-2" value="1"> <input type="hidden" name="bit-3" value="1"> <input type="hidden" name="bit-4" value="1"> <input type="hidden" name="bit-5" value="1"> <input type="hidden" name="bit-6" value="1"> <input type="hidden" name="bit-7" value="1"> <input type="hidden" name="bit-8" value="1"> <input type="hidden" name="bit-9" value="1"> <input type="hidden" name="bit-10" value="1"> <input type="hidden" name="bit-11" value="1"> <input type="hidden" name="bit-12" value="1"> <input type="hidden" name="bit-13" value="1"> <input type="hidden" name="bit-14" value="1"> <input type="hidden" name="bit-15" value="1"> <input type="hidden" name="bit-16" value="1"> <input type="hidden" name="bit-17" value="1"> <input type="hidden" name="bit-18" value="1"> <input type="hidden" name="bit-19" value="1"> <input type="hidden" name="bit-20" value="1"> <input type="hidden" name="bit-21" value="1"> <input type="hidden" name="knob" value="none"> <input type="hidden" name="form_name" value="process_bug"> <input type="hidden" name="dontchange" value=""> <input type="hidden" name="qa_contact" value="nobody@mozilla.org"> <h3>Verify Version, Component, Target Milestone</h3> <p> You are moving the bug(s) to the product <b>mozilla.org</b>, and the version, component, and/or target milestone fields are no longer correct. Please set the correct version, component, and target milestone now: <p> <table> <tr> <td> <b>Version:</b><br><select name="version" > <option value="other">other </option> </select> </td> <td> <b>Component:</b><br><select name="component" > <option value="Bugzilla: Keywords & Components">Bugzilla: Keywords & Components </option> <option value="Bugzilla: Other b.m.o Issues">Bugzilla: Other b.m.o Issues </option> <option value="Build & Release">Build & Release </option> <option value="CA Certificates">CA Certificates </option> <option value="CVS Account Request">CVS Account Request </option> <option value="CVS: Administration">CVS: Administration </option> <option value="CVS: Copy">CVS: Copy </option> <option value="FTP: Mirrors">FTP: Mirrors </option> <option value="FTP: Staging">FTP: Staging </option> <option value="Governance">Governance </option> <option value="Licensing">Licensing </option> <option value="Miscellaneous">Miscellaneous </option> <option value="Mozilla Store">Mozilla Store </option> <option value="Newsgroups">Newsgroups </option> <option value="Server Operations">Server Operations </option> <option value="Server Operations Projects">Server Operations Projects </option> <option value="Talkback Server & Webtool">Talkback Server & Webtool </option> <option value="Test Tracker">Test Tracker </option> <option value="Tinderbox Configuration">Tinderbox Configuration </option> <option value="Tinderbox Platforms">Tinderbox Platforms </option> <option value="www.mozilla.org">www.mozilla.org </option> </select> </td> <td> <b>Target Milestone:</b><br><select name="target_milestone" > <option value="---" selected>--- </option> </select> </td> </tr> </table> <input type="submit" value="Commit"> </form> <hr> <a href="query.cgi">Cancel and Return to the Search Page</a> <div id="footer"> <div class="intro"></div> <form method="get" action="show_bug.cgi"> <div id="useful-links"> <div id="links-actions"> <div class="label">Actions:</div> <div class="links"> <a href="./">Home</a> | <a href="enter_bug.cgi">New</a> | <a href="query.cgi">Search</a> | bug # <input class="txt" name="id" size="6"> <input class="btn" type="submit" value="Find"> | <a href="report.cgi">Reports</a> | <a href="request.cgi?requester=timeless%40bemail.org&requestee=timeless%40bemail.org&do_union=1&group=type">My Requests</a> | <a href="votes.cgi?action=show_user">My Votes</a> | <a href="relogin.cgi">Log out</a> timeless@bemail.org </div> </div> <div id="links-edit"> <div class="label">Edit:</div> <div class="links"> <a href="userprefs.cgi">Prefs</a> | <a href="editusers.cgi">Users</a> | <a href="editproducts.cgi">Products</a> | <a href="editflagtypes.cgi">Flags</a> | <a href="editvalues.cgi">Field Values</a> | <a href="editkeywords.cgi">Keywords</a> | <a href="editwhines.cgi">Whining</a> </div> </div> <div id="links-saved"> <div class="label"> Saved Searches: </div> <div class="links"> <a href="buglist.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailreporter1=1&emailtype1=exact&email1=timeless%40bemail.org&field0-0-0=bug_status&type0-0-0=notequals&value0-0-0=UNCONFIRMED&field0-0-1=reporter&type0-0-1=equals&value0-0-1=timeless%40bemail.org">My Bugs</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=Camino">Camino</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.0.2">check1.8.0.2</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.0.2">check1.8.0.2</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.1">check1.8.1</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=check1.8.1">check1.8.1</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=patched">patched</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=QA">QA</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready">Ready</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready">Ready</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready%20%28Locked%29">Ready (Locked)</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=Ready%20%28Locked%29">Ready (Locked)</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=requests">requests</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=requests">requests</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=security-month">security‑month</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=test">test</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=test">test</a> | <a href="buglist.cgi?cmdtype=runnamed&namedcmd=timeless">timeless</a> </div> </div> </div> </form> <div class="outro"></div> </div> </div> </body> </html> Afaik this includes some relatively valid bits. 9. select a component 10. click commit 11. check the bug and note that it failed to be added to security 12. remove the bug from webtools-security and add it to security and commit 13. use frmget/newcc=@ to verify the appearance of the bit format: https://bugzilla.mozilla.org/process_bug.cgi?delta_ts=2006-08-03+11%3A10%3A31&longdesclength=6&id=304224&alias=&product=mozilla.org&component=Test+Tracker&rep_platform=PC&op_sys=Windows+XP&version=other&priority=--&bug_severity=trivial&target_milestone=---&newcc=%40&cc=&qa_contact=nobody%40mozilla.org&bug_file_loc=&short_desc=This+is+a+security+bug+for+testing+purposes&status_whiteboard=&keywords=&dependson=&blocked=&comment=&bit-2=1&reporter_accessible=1&cclist_accessible=1&knob=none&form_name=process_bug I know that newer bugzillas have more convoluted security options in the intermediate page, so this might not be a bug w/ tip. but it bothers me.
|
||
Updated•18 years ago
|
Assignee: justdave → create-and-change
Component: Bugzilla: Other b.m.o Issues → Creating/Changing Bugs
Product: mozilla.org → Bugzilla
QA Contact: myk → default-qa
Version: other → 2.20
|
Assignee | |
Updated•17 years ago
|
Blocks: 271023
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: SunOS → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 3.0
|
|
Assignee | |
Comment 1•17 years ago
|
||
This patch lets you choose the exact groups you want to put the bug(s) into. Of course, it checks for mandatory groups and force the inclusion in these groups. In the same way it doesn't let you put bugs into groups which are not legal for the given product. I changed the logic a lot, i.e. instead of only allowing to move bugs into the default groups of the new product, it also lets you move bugs into groups marked as SHOWN/*. This way, you can e.g. move bugs from webtools-security to update-security on b.m.o despite none of them is a default group for their respective product. IMO, the UI is now much more intuitive and the logic in the back-end much more understandable (and readable). Due to conflicts, this patch depends on the one from bug 382978 (which does some nice cleanup in process_bug.cgi). Last but not least, this patch also fixes bug 303183.
Assignee: create-and-change → LpSolit
Status: NEW → ASSIGNED
Attachment #267055 -
Flags: review?(wicked+bz)
Attachment #267055 -
Flags: review?(justdave)
Attachment #267055 -
Flags: review?(bugreport)
|
|
Assignee | |
Comment 2•17 years ago
|
||
For some unknown reason, bug/process/verify-new-product.html.tmpl was not compiling on landfill (which uses TT 2.15) while I had no problem on my local installation (which uses TT 2.18). This patch addresses this problem and the template now compiles correctly with both TT 2.15 and TT 2.18.
Attachment #267055 -
Attachment is obsolete: true
Attachment #267063 -
Flags: review?(wicked+bz)
Attachment #267063 -
Flags: review?(justdave)
Attachment #267063 -
Flags: review?(bugreport)
Attachment #267055 -
Flags: review?(wicked+bz)
Attachment #267055 -
Flags: review?(justdave)
Attachment #267055 -
Flags: review?(bugreport)
|
|
Assignee | |
Comment 3•17 years ago
|
||
You can see this patch running at http://landfill.bugzilla.org/bz_group/.
|
||
Comment 4•17 years ago
|
||
Comment on attachment 267063 [details] [diff] [review] patch, v1.1 >Index: process_bug.cgi > [snip] >+ my $gids = $dbh->selectcol_arrayref('SELECT bgm.group_id >+ FROM bug_group_map bgm > [snip] I think this piece of SQL definitely needs a comment explaining what it's doing. Also, I prefer "bug_group_map AS bgm", which is more readable. (Our Oracle driver actually handles that fine, so you can still do it.) >+ WHERE bgm.bug_id IN (' . join(', ', @idlist) . ') Nit: I'd also move this WHERE back to be aligned with the FROM. >+# XXX - FIXME What do we do if the only changes are about groups? Maybe make a boolean variable called something like $groups_changed and use that. Everything else actually looks pretty good, but I still have to test it.
|
|
||
Comment 5•17 years ago
|
||
Comment on attachment 267063 [details] [diff] [review] patch, v1.1 >+ <p>These groups are not legal for the '[% product.name FILTER html %]' >+ product or you are not allowed to restrict [% terms.bugs %] to these groups. >+ [%+ terms.Bugs %] will no longer be restricted to these groups and may become > [snip] I have a bug in four groups. I remove it from two groups and also change the product at the same time. However, all four groups still show up here. That's not a huge problem, but if it's easy to solve then it'd be nice to fix. By the way, unrelated to this bug, but for some reason when I try to do a mass change, MySQL crashes. As far as I'm concerned, the patch looks good, though. (Although I couldn't test mass-changes.)
Attachment #267063 -
Flags: review?(justdave) → review+
|
|
||
Comment 6•17 years ago
|
||
Oh, I think this patch is too big to take on the branch, though.
|
||
Comment 7•17 years ago
|
||
(In reply to comment #6) > Oh, I think this patch is too big to take on the branch, though. I really, *really* want this on the branch.
|
|
||
Comment 8•17 years ago
|
||
(In reply to comment #7) > (In reply to comment #6) > I really, *really* want this on the branch. I understand, but it's a major change in groups code, along with a rather significant template change. I can't really, in good conscience, approve a patch on the branch that isn't absolutely *necessary* if it does those things. If this introduces some security hole that we haven't seen, that's much less damaging on the tip (in just a development release) than it would be on the 3.0 branch, particularly when 3.0 is as stable as it is.
|
|
Assignee | |
Comment 9•17 years ago
|
||
I agree with Max that this is a too big and ¡nvasive fix to take for 3.0. I don't say we shouldn't backport anything for 3.0, but probably we should propose a minimal fix only, both in the front-end and in the back-end. If neither joel nor wicked have something to say about this patch, I will approve it later this week.
Flags: approval?
|
|
Assignee | |
Comment 10•17 years ago
|
||
I just talked about this bug on IRC with justdave, and we won't take it on the 3.0 branch. Updating the target milestone consequently.
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
|
|
Assignee | |
Comment 11•17 years ago
|
||
OK, it's time to commit this one. If there is something wrong with my patch, we will catch and fix it in separate bugs.
Flags: approval? → approval+
|
|
Assignee | |
Updated•17 years ago
|
Attachment #267063 -
Flags: review?(wicked)
Attachment #267063 -
Flags: review?(bugreport)
|
|
Assignee | |
Comment 12•17 years ago
|
||
(In reply to comment #5) > I have a bug in four groups. I remove it from two groups and also change the > product at the same time. > > However, all four groups still show up here. That's intended. I really want the user to realize what the move will do. Even if he unchecked some groups, I still want to display them in the confirmation page, as an ultimate reminder. I think it doesn't hurt and will be useful more often than annoying. > By the way, unrelated to this bug, but for some reason when I try to do a > mass change, MySQL crashes. Weird, mine installation doesn't crash. Does it crash for all mass-changes or only some specific ones? Checking in process_bug.cgi; /cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi new revision: 1.365; previous revision: 1.364 done Checking in template/en/default/bug/process/verify-new-product.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/process/verify-new-product.html.tmpl,v <-- verify-new-product.html.tmpl new revision: 1.22; previous revision: 1.21 done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•