Show dependency graph fails using local webdotbase under mod_perl

RESOLVED WORKSFORME


People

(Reporter: vaidasn, Unassigned)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); lt; rv:1.8.1.14) Gecko/20080417 Firefox/2.0.0.14
Build Identifier: 3.0.4

When Bugzilla works under mod_perl and the webdotbase parameter points to a local 'dot' (e.g. /usr/bin/dot), then 'Show dependency graph' fails with this message:

> Insecure $ENV{PATH} while running with -T switch at /var/www/localhost/htdocs/bugzilla/showdependencygraph.cgi line 241.


Reproducible: Always

Steps to Reproduce:
1. Configure Bugzilla to run under mod_perl
2. Set webdotbase to local 'dot', e.g. /usr/bin/dot
3. Show any bug and click on 'Show dependency graph'
4. Software error is displayed

Actual Results:
Software error:
> Insecure $ENV{PATH} while running with -T switch at /var/www/localhost/htdocs/bugzilla/showdependencygraph.cgi line 241.

Expected Results:
Dependency Graph for bug displayed.
(Reporter)

Comment 1

11 years ago
Created attachment 325726
This patch fixed the problem for me

I have used the diffpath localconfig setting. Maybe a dedicated parameter should be used instead.

Comment 2

11 years ago
Max, can you have a look at this patch?

Comment 3

11 years ago
Bugzilla deletes $ENV{PATH} before we ever get to this point, in Bugzilla::init_page. How did it even get set?
OS: Linux → All
Hardware: PC → All
(Reporter)

Comment 4

11 years ago
(In reply to comment #3)
> Bugzilla deletes $ENV{PATH} before we ever get to this point, in
> Bugzilla::init_page. How did it even get set?
> 

$ENV{PATH} does not get deleted, it is available at this point:
showdependencygraph.cgi line 241

I have checked this.

The patch (attachment 325726) is modeled after
http://lxr.mozilla.org/bugzilla/source/Bugzilla/Attachment/PatchReader.pm#112

Comment 5

10 years ago
The only related bug I could find is bug 370398, but it has been fixed in 3.0 already. And it's not about a taint issue. Maybe you did a local change?

Comment 6

10 years ago
No reply from the reporter, and not something we can reproduce. -> WFM.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
Version: unspecified → 3.0.4
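
Added example, not part of the bug report or of Bugzilla's code: a stand-alone Perl script that reproduces the taint-mode error quoted in the description and shows the two ways of clearing it that the thread touches on (removing `$ENV{PATH}`, as comment 3 describes, or setting it to a fixed value). `/bin/echo` and the pinned `/usr/bin:/bin` are assumptions standing in for the local `dot` binary and its directory.

```perl
use strict;
use warnings;

# Taint mode has to be on for the check to fire.
die "run this with: perl -T <file>\n" unless ${^TAINT};

# Assumption: /bin/echo stands in for the local program that webdotbase
# points at (the report uses /usr/bin/dot as its example).
my @cmd = ('/bin/echo', 'external program ran');

# Run @cmd; return "ok" or the message Perl died with.
sub try_run {
    my $rc = eval { system(@cmd) };
    return "blocked: $@" if $@;
    return $rc == 0 ? "ok\n" : "failed, status $rc\n";
}

# 1. Inherited environment. If the caller had PATH set, it came from
#    outside the program, so it is tainted and Perl refuses to start a
#    child process, even though the command is an absolute path and the
#    list form of system() never goes through a shell.
print "inherited env : ", try_run();

# 2. Remove PATH and the other variables perlsec lists as affecting
#    child processes. With nothing tainted left, the call is allowed.
delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
print "vars deleted  : ", try_run();

# 3. Or pin PATH to a constant. A literal is untainted; Perl also requires
#    every directory in it to be absolute and not writable by others.
$ENV{PATH} = '/usr/bin:/bin';
print "PATH pinned   : ", try_run();
```

The first line of output carries the same `Insecure $ENV{PATH} while running with -T switch` message as the report; the other two attempts run the command.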