Closed
Bug 348397
Opened 18 years ago
Closed 14 years ago
Bugzilla::Bug::AUTOLOAD is not affected by $self->{error}
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: mkanat, Unassigned)
References
(Depends on 1 open bug)
Details
I'm filing this initially as a security bug until we make sure that it doesn't have any negative security effects. Basically, at one point we made all of Bugzilla::Bug's subroutines check $self->{error}, and return an "empty" value if it was set. However, we forgot to fix the AUTOLOAD. It's a simple fix, but I wanted to see if we need to backport this, or if changing it will have bad effects somewhere else.
Comment 1•18 years ago
|
||
I think we were safe till now because if the user couldn't see the bug, all $bug->{'foo'} were empty, and so $bug->foo would return an empty string too. So bug 348057 could only introduce potential security risks on trunk only. All branches are safe IMO.
Updated•16 years ago
|
Group: webtools-security → bugzilla-security
Updated•16 years ago
|
Group: bugzilla-security → webtools-security
Updated•16 years ago
|
Group: webtools-security → bugzilla-security
Comment 2•14 years ago
|
||
Bugzilla 3.0 is EOL. We will retarget this bug when it's fixed.
Target Milestone: Bugzilla 3.0 → ---
i suspect bug 600123 has rendered this bug invalid.
Comment 4•14 years ago
|
||
(In reply to comment #3) > i suspect bug 600123 has rendered this bug invalid. Problem is that security sensitive bugs affect all supported branches. But we never had any evidence that this was a problem, so I would agree to close this bug as WFM or WONTFIX.
Reporter | ||
Comment 5•14 years ago
|
||
It's basically still true, because the added accessors don't respect {error}. But I'm also not aware of any security situation caused by this at the moment, and so I think it's reasonable to WONTFIX it.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Updated•14 years ago
|
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•