bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Classification name length and sortkey max value not validated

RESOLVED FIXED in Bugzilla 3.4



10 years ago
10 years ago


(Reporter: Frédéric Buclin, Assigned: Frédéric Buclin)


Bugzilla 3.4
Bug Flags:
approval +



(1 attachment)



10 years ago
As discussed in bug 313126 comment 15, _check_name() should make sure the classification name doesn't exceed the max length allowed by the DB, and also make sure the sortkey is not too large (currently, PostgreSQL throws an error if you try to).

Comment 1

10 years ago
Created attachment 355115 [details] [diff] [review]
patch, v1

I copied error messages from products and milestones, for consistency.
Attachment #355115 - Flags: review?(wicked)
Attachment #355115 - Flags: review?(wicked) → review+
Comment on attachment 355115 [details] [diff] [review]
patch, v1

>Index: Bugzilla/Classification.pm
>+    if (length($name) > MAX_CLASSIFICATION_SIZE) {
>+        ThrowUserError('classification_name_too_long', {'name' => $name});
>+    }

Note that I couldn't trigger this error as neither Firefox nor IE allow me to input more than 64 characters to the name text input control. I guess there could be some browsers out there that don't respect maxlength attribute so this validation is nice to have. If nothing else than for consistency with products and components.

>Index: template/en/default/global/user-error.html.tmpl
>+    The sortkey '[% sortkey FILTER html %]' is not in the range
>+    0 ≤ sortkey ≤ [% constants.MAX_SMALLINT FILTER html %].

Nit: Uhh, this sentence is so.. scientific and I have hard time wrapping my head around it. It would be better if you'd only replace "It must be a positive integer." with "The sortkey must be an integer between 0 and 32767, inclusive." as in the flag_type_sortkey_invalid error (except use constants for the numbers).
Flags: approval?

Comment 3

10 years ago
(In reply to comment #2)
> Note that I couldn't trigger this error

Just hack the URL, as I did. :)

> integer." with "The sortkey must be an integer between 0 and 32767, inclusive."

Good idea, I will do that on checkin.
Flags: approval? → approval+

Comment 4

10 years ago
Checking in Bugzilla/Classification.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Classification.pm,v  <--  Classification.pm
new revision: 1.14; previous revision: 1.13
Checking in Bugzilla/Constants.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Constants.pm,v  <--  Constants.pm
new revision: 1.101; previous revision: 1.100
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v  <-- user-error.html.tmpl
new revision: 1.269; previous revision: 1.268
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.