litmus' "populatedb.pl" fails to correctly escape password with "&"

RESOLVED WONTFIX

Status

Webtools Graveyard
Litmus
P4
major
RESOLVED WONTFIX
9 years ago
a year ago

People

(Reporter: rb, Unassigned)

Tracking

Trunk
x86_64
Linux

Details

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: 

installing litmus (cvs/head, 12/19/08) on

	uname -a
		Linux dragon 2.6.24.5-serf-xeon-c6.1-grsec #1 SMP Tue Oct 7 06:18:04 PDT 2008 x86_64 GNU/Linux

with configuration,

	cat litmus/localconfig
		our $db_host = "db.mydomain.com";
		our $db_name = "litmus_db";
		our $db_user = "test_admin";
		our $db_pass = '23hj_Uhb7&52g_#4n';
		
		our $user_cookiename = "litmus_login";
		our $sysconfig_cookiename = "litmustestingconfiguration";
		
		our $sendmail_path = "/usr/sbin/sendmail";
		
		our $tr_host = "";
		our $tr_name = "";
		our $tr_user = "";
		our $tr_pass = "";
		
		our $bugzilla_auth_enabled = 0;
		our $bugzilla_db = "bugzilla_db";
		our $bugzilla_host = "db.mydomain.com";
		our $bugzilla_user = "test_admin";
		our $bugzilla_pass = '23hj_Uhb7&52g_#4n';


populating the db fails,

	./populatedb.pl -r

		Checking for missing/new database tables...
		Creating table user_group_map ...
		Creating table test_run_criteria ...
		Creating table test_result_comments ...
		Creating table testcases ...
		Creating table subgroup_testgroups ...
		Creating table log_type_lookup ...
		Creating table testcase_tags ...
		Creating table products ...
		Creating table testresult_logs_join ...
		Creating table opsyses ...
		Creating table test_format_lookup ...
		Creating table test_result_status_lookup ...
		Creating table platform_products ...
		Creating table password_resets ...
		Creating table testcase_subgroups ...
		Creating table testdays ...
		Creating table group_product_map ...
		Creating table locale_lookup ...
		Creating table subgroups ...
		Creating table test_result_bugs ...
		Creating table related_testcases ...
		Creating table exit_status_lookup ...
		Creating table users ...
		Creating table test_run_testgroups ...
		Creating table audit_trail ...
		Creating table test_result_logs ...
		Creating table branches ...
		Creating table test_results ...
		Creating table security_groups ...
		Creating table testday_subgroups ...
		Creating table platforms ...
		Creating table tags ...
		Creating table test_runs ...
		Creating table sessions ...
		Creating table build_type_lookup ...
		Creating table testgroups ...
		Populating tables with default data...sh: 52g_#4n: command not found
		Error populating database litmus_db at ./populatedb.pl line 126.
		ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)



Reproducible: Always

Steps to Reproduce:
1.
2.
3.
(Reporter)

Updated

9 years ago
Hardware: x86 → x86_64

Comment 1

9 years ago
creating a new bug to track why litmus passwords are being saved in plain/text.  Lowering priority on this bug until that is fixed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P4

Updated

9 years ago
Blocks: 480209

Comment 2

9 years ago
Wouldn't it be easier just to escape the offending character in the localconfig file?

I tend to keep meta-chars out of my passwords to avoid this sort of thing, but that's just me.

(In reply to comment #1)
> creating a new bug to track why litmus passwords are being saved in plain/text.
>  Lowering priority on this bug until that is fixed.

Tony: this is the configuration file for Litmus as a whole. The password is in plaintext so that Litmus can actually connect to the database. The .htaccess file in the tree blocks access to this file by default (assuming they're running apache of course).

Comment 3

5 years ago
Litmus is being decommissioned in bug 802674. 

Visit https://moztrap.mozilla.org for your testing needs.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

a year ago
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.