issue_hash_token(), introduced by last security fix, uses directly md5_hex with the internal data. As the bug (or spec) of Digest:: modules, we must encode, using encode_utf8() or something, the utf-8 data before using md5_hex(). For the document, refer pod of the Digest::MD5.
Hum yeah, I can reproduce. If a saved search name has UTF8 characters in it, buglist.cgi and userprefs.cgi?tab=saved-searches both fails with: undef error - Wide character in subroutine entry at Bugzilla/Token.pm line 183.
Target Milestone: --- → Bugzilla 3.0
Err... I just tested on 3.0.8, and it's not affected by the problem.
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
Ahh, this is basically the same bug as bug 431201, then, just in a different place. What's funny is that, using the Digest.pm interface, this doesn't seem to happen (I tested it when I wrote the SHA-1 patch--maybe it's just not necessary for Digest::SHA, but it is necessary for Digest::MD5).
Use the same trick as in bug 453767.
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Attachment #361189 - Flags: review?(mkanat)
Comment on attachment 361189 [details] [diff] [review] patch, v1 Looks good to me. I assume you tested it and it works?
Attachment #361189 - Flags: review?(mkanat) → review+
yup. But I also tested security patches, and they still regressed something. :-(
tip: Checking in Bugzilla/Token.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Token.pm,v <-- Token.pm new revision: 1.58; previous revision: 1.57 done 3.2.2: Checking in Bugzilla/Token.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Token.pm,v <-- Token.pm new revision: 126.96.36.199; previous revision: 188.8.131.52 done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Summary: Cannot use saved search with utf-8 name (issue_hash_token problem) → md5_hex() fails if a saved search has UTF8 characters in it
Comment on attachment 361189 [details] [diff] [review] patch, v1 Sorry for late. I've checked with our test site, and works well.
Attachment #361189 - Flags: review+
You need to log in before you can comment on or make changes to this bug.