Closed Bug 407402 Opened 18 years ago Closed 17 years ago

Bugzilla should die if data/params doesn't exist, but it isn't dying

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
3.1.2
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.0

People

(Reporter: mkanat, Assigned: mkanat)

Details

Attachments

(1 file)

v1
1016 bytes, patch
justdave
: review+
Details | Diff | Splinter Review
Lots of people report that they get strange errors like " Can't locate Bugzilla/Auth/Login/.pn in @INC", which really means Bugzilla couldn't read data/params. Our current param-reading code looks like this: $s->rdo("$datadir/params"); die "Error reading $datadir/params: $!" if $!; die "Error evaluating $datadir/params: $@" if $@; So that *looks* like it ought to die when it can't read the file, but it isn't dying.
Ah, okay. I figured out the problem. If the file doesn't exist, then it doesn't die. If it's just an honest permissions failure, it actually does die. So we need to also check that the file exists.
Summary: Bugzilla should die if it can't read data/params, but it isn't dying → Bugzilla should die if data/params doesn't exist, but it isn't dying
Ah, this is because installation calls Bugzilla->params many times when the file doesn't exist. However, if we're in a CGI, we should die if params doesn't exist.
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
Attached patch v1Splinter Review
Okay, this is pretty straightforward. I think we can take it on the branch, too. There are no CGIs that can be validly called when data/params doesn't exist.
Assignee: general → mkanat
Status: NEW → ASSIGNED
Attachment #292140 - Flags: review?
Attachment #292140 - Flags: review? → review?(justdave)
Target Milestone: Bugzilla 3.2 → Bugzilla 3.0
Attachment #292140 - Flags: review?(justdave) → review?(LpSolit)
Comment on attachment 292140 [details] [diff] [review] v1 This seems to do what it says. If I nuke my data/params file I get a not-so-pretty (but functional) error message. How concerned are we about $datadir exposing file paths? It seems to give a full pathname if you're in mod_perl.
Attachment #292140 - Flags: review?(LpSolit) → review+
Thanks for the review! :-) We're not concerned about exposing file paths. I don't perceive a serious security issue there, unless people are interested in security by obscurity.
Flags: approval+
tip: Checking in Bugzilla/Config.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config.pm,v <-- Config.pm new revision: 1.73; previous revision: 1.72 done 3.0: Checking in Bugzilla/Config.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config.pm,v <-- Config.pm new revision: 1.70.2.1; previous revision: 1.70 done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: