Bug 513511: Can't get legal values for attachments.status
Status: VERIFIED INVALID (Closed)
Opened 16 years ago, closed 16 years ago
Categories: Bugzilla :: WebService, defect
People: Reporter: otaylor, Unassigned
Attachments: 1 file (patch, 1.25 KB)
Trying to call the Bug.legal_values method on the field 'attachments.status' produces:
xmlrpclib.Fault: <Fault -32000: 'DBD::mysql::db selectcol_arrayref failed: SELECT command denied to user \'bugzilla\'@\'localhost\' for table \'status\' [for Statement "SELECT value FROM attachments.status\n WHERE isactive = ?\n ORDER BY sortkey, value"] at Bugzilla/Field.pm line 881\n\tBugzilla::Field::get_legal_field_values(\'attachments.status\') called at Bugzilla/WebService/Bug.pm line 312\n\tBugzilla::WebService::Bug::legal_values(\'Bugzilla::WebService::Bug\', \'HASH(0x3beda28)\') called at /usr/lib/perl5/vendor_perl/5.10.0/SOAP/Lite.pm line 2744\n\teval {...} called at /usr/lib/perl5/vendor_perl/5.10.0/SOAP/Lite.pm line 2729\n\teval {...} called at /usr/lib/perl5/vendor_perl/5.10.0/SOAP/Lite.pm line 2695\n\tSOAP::Server::handle(\'Bugzilla::WebService::Server::XMLRPC=HASH(0x397ba68)\', \'<?xml version=\\\'1.0\\\'?>\\x{a}<methodCall>\\x{a}<methodName>Bug.legal_va...\') called at /usr/lib/perl5/vendor_perl/5.10.0/SOAP/Transport/HTTP.pm line 394\n\tSOAP::Transport::HTTP::Server::handle(\'Bugzilla::WebService::Server::XMLRPC=HASH(0x397ba68)\') called at /usr/lib/perl5/vendor_perl/5.10.0/SOAP/Transport/HTTP.pm line 515\n\tSOAP::Transport::HTTP::CGI::handle(\'Bugzilla::WebService::Server::XMLRPC=HASH(0x397ba68)\') called at /var/www/bugzilla-emblems/xmlrpc.cgi line 47\n'>
I'll attach a patch that fixes the problem by using the legal_field_values method on Bugzilla::Field rather than Bugzilla::Field::get_legal_field_values, but I'm not sure if get_legal_field_values should be fixed instead of or in addition to this.
Comment 1•16 years ago
This looks invalid to me. "SELECT command denied to user \'bugzilla\'@\'localhost\" looks like a permission problem to me. Also, I don't know how you managed to inject your string directly in the SQL query.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Comment 2•16 years ago
Yeah, also, there is no attachments.status field in upstream Bugzilla.
Status: RESOLVED → VERIFIED
Comment 3
The point that attachments.status is not upstream is a valid one, realized that after filing the bug :-)
But there is no permissions problem involved here.
If you assume that you have a field that:
A) Is a select
B) Has a dot in the name
Upstream has plenty of both, but no combinations of the two, then it's obvious what happens - the field name gets passed directly to:
    sub get_legal_field_values {
        my ($field) = @_;
        my $dbh = Bugzilla->dbh;
        my $result_ref = $dbh->selectcol_arrayref(
            "SELECT value FROM $field
              WHERE isactive = ?
           ORDER BY sortkey, value", undef, (1));
        return $result_ref;
    }
Which is a request to access the 'status' field of the attachments database.
The way it is working when get_legal_field_values() isn't directly selecting from the database is that bbaetz used the CLASS_MAP feature of Bugzilla::Field::Choice.pm to redirect the attachments.status field to a custom class:
product => 'Bugzilla::Product',
+ 'attachments.status' => 'Bugzilla::AttachmentStatus',
And Bugzilla::AttachmentStatus has:
use constant DB_TABLE => 'attachment_status';
That looks legitimate to me, so my interpretation is that this reflects a real bug in the Bugzilla codebase that just isn't triggered by the current set of fields.
Max: do you want me to refile this in GNOME bugzilla?
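An added example, not part of the original thread or of Bugzilla's code: a Python/sqlite3 model of the behaviour described in comment 3, where a dotted field name interpolated as the table name is parsed as database.table, next to a lookup that resolves the table through a fixed map. The schema, the `FIELD_TABLES` map and all function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical field -> table map, modelled on the CLASS_MAP / DB_TABLE idea in comment 3.
FIELD_TABLES = {
    "bug_severity": "bug_severity",
    "attachments.status": "attachment_status",
}

def make_db():
    """Constructed sample schema: one ordinary select field and one dotted one."""
    db = sqlite3.connect(":memory:")
    for table, values in (("bug_severity", ["major", "minor"]),
                          ("attachment_status", ["none", "reviewed"])):
        db.execute(f"CREATE TABLE {table} (value TEXT, sortkey INT, isactive INT)")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?, 1)",
                       [(v, i) for i, v in enumerate(values)])
    return db

def legal_values_interpolated(db, field):
    """Model of get_legal_field_values(): the field name is used as the table name."""
    sql = f"SELECT value FROM {field} WHERE isactive = ? ORDER BY sortkey, value"
    return [row[0] for row in db.execute(sql, (1,))]

def legal_values_mapped(db, field):
    """Resolve the table through the fixed map; unknown names never reach SQL."""
    if field not in FIELD_TABLES:
        raise ValueError(f"unknown select field: {field!r}")
    table = FIELD_TABLES[field]
    sql = f'SELECT value FROM "{table}" WHERE isactive = ? ORDER BY sortkey, value'
    return [row[0] for row in db.execute(sql, (1,))]

def demo():
    db = make_db()
    results = {"plain": legal_values_interpolated(db, "bug_severity")}
    try:
        legal_values_interpolated(db, "attachments.status")
    except sqlite3.OperationalError as exc:
        results["dotted_error"] = str(exc)  # name was parsed as <database>.<table>
    results["mapped"] = legal_values_mapped(db, "attachments.status")
    return results

if __name__ == "__main__":
    print(demo())
```

The interpolated version works for field names that happen to match a table name and fails only for the dotted one, which is why the defect stays hidden until such a field exists.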
Comment 4•16 years ago
(In reply to comment #3)
> Max: do you want me to refile this in GNOME bugzilla?
Yeah, with all the info in that comment, if you could.