Closed Bug 477513 Opened 15 years ago Closed 15 years ago

md5_hex() fails if a saved search has UTF8 characters in it

Categories

(Bugzilla :: Query/Bug List, defect)

3.2.2
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Bugzilla 3.2

People

(Reporter: himorin, Assigned: LpSolit)

References

Details

(Keywords: regression)

Attachments

(1 file)

issue_hash_token(), introduced by last security fix, uses directly md5_hex with the internal data.
As the bug (or spec) of Digest:: modules, we must encode, using encode_utf8() or something, the utf-8 data before using md5_hex().

For the document, refer pod of the Digest::MD5.
Hum yeah, I can reproduce. If a saved search name has UTF8 characters in it, buglist.cgi and userprefs.cgi?tab=saved-searches both fails with:

undef error - Wide character in subroutine entry at Bugzilla/Token.pm line 183.
Flags: blocking3.2.3+
Flags: blocking3.0.9+
Target Milestone: --- → Bugzilla 3.0
Err... I just tested on 3.0.8, and it's not affected by the problem.
Flags: blocking3.0.9+
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
Ahh, this is basically the same bug as bug 431201, then, just in a different place. What's funny is that, using the Digest.pm interface, this doesn't seem to happen (I tested it when I wrote the SHA-1 patch--maybe it's just not necessary for Digest::SHA, but it is necessary for Digest::MD5).
Attached patch patch, v1Splinter Review
Use the same trick as in bug 453767.
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Attachment #361189 - Flags: review?(mkanat)
Attachment #361189 - Flags: review?(shimono)
Keywords: regression
Comment on attachment 361189 [details] [diff] [review]
patch, v1

Looks good to me. I assume you tested it and it works?
Attachment #361189 - Flags: review?(mkanat) → review+
yup. But I also tested security patches, and they still regressed something. :-(
Flags: approval3.2+
Flags: approval+
Attachment #361189 - Flags: review?(shimono)
tip:

Checking in Bugzilla/Token.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Token.pm,v  <--  Token.pm
new revision: 1.58; previous revision: 1.57
done

3.2.2:

Checking in Bugzilla/Token.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Token.pm,v  <--  Token.pm
new revision: 1.55.2.2; previous revision: 1.55.2.1
done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Summary: Cannot use saved search with utf-8 name (issue_hash_token problem) → md5_hex() fails if a saved search has UTF8 characters in it
Comment on attachment 361189 [details] [diff] [review]
patch, v1

Sorry for late.
I've checked with our test site, and works well.
Attachment #361189 - Flags: review+
You need to log in before you can comment on or make changes to this bug.