Closed
Bug 572602
(bz-create-defaults)
Opened 14 years ago
Closed 14 years ago
Calling Bug->create() without fields specified does not produce values for those fields
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.0
People
(Reporter: mkanat, Assigned: mkanat)
References
Details
Attachments
(1 file, 1 obsolete file)
14.64 KB,
patch
|
timello
:
review+
|
Details | Diff | Splinter Review |
Now that we have switched to VALIDATOR_DEPENDENCIES for Bugzilla::Bug, failing to specify assigned_to to Bug->create() simply means that _check_assigned_to is never called, and so assigned_to is left out of the INSERT, which causes bug creation to fail.
Assignee | ||
Comment 1•14 years ago
|
||
So, this is also true for groups--that is, a bug doesn't get its default groups if "groups" isn't specified as part of the constructor. I'm marking this as security-sensitive for now, but we haven't had any release with this bug in it.
Group: bugzilla-security
Summary: Calling Bug->create() without assigned_to specified does not produce a default assignee → Calling Bug->create() without fields specified does not produce values for those fields
Assignee | ||
Updated•14 years ago
|
Severity: major → critical
Assignee | ||
Updated•14 years ago
|
Alias: bz-create-defaults
Assignee | ||
Comment 2•14 years ago
|
||
Okay, this modifies check_required_create_fields to work properly in the brave new world of VALIDATOR_DEPENDENCIES. :-) Basically, we now leave the checking and setting of defaults to the VALIDATORS. We just make sure that every field that actually needs to be specified gets set to "undef" if it wasn't passed in to create(), and then the validators handle the rest. I had to fix up several files to properly handle "undef" in their validators, and I modified Bugzilla::Bug to throw a slightly nicer error if you try to create a bug without being logged in. Note that Bugzilla::Flag was not operating properly with REQUIRED_CREATE_FIELDS, and so will not be operating properly with this new system either, because it does not use validators standardly for create(). To review this patch, you probably want to look at the changes in Bugzilla::Object first (which are the real, important changes here) and then at the small changes in the rest of the files.
Assignee: create-and-change → mkanat
Status: NEW → ASSIGNED
Attachment #452694 -
Flags: review?(timello)
Comment 3•14 years ago
|
||
Comment on attachment 452694 [details] [diff] [review] v1 The patch is either bit rotted or malformed because it is asking to revert the changes in the Bugzilla/Field.pm and after applying the patch, checksetup.pl is warning: Subroutine Bugzilla::Field::REQUIRED_CREATE_FIELDS redefined at /usr/share/perl5/constant.pm line 119, <DATA> line 522.
Attachment #452694 -
Flags: review?(timello) → review-
Comment 4•14 years ago
|
||
We cannot release 3.7.1 with this bug unresolved.
Assignee | ||
Comment 5•14 years ago
|
||
(In reply to comment #4) > We cannot release 3.7.1 with this bug unresolved. Yes I know, that's why I'm waiting for this bug to be fixed before releasing.
Assignee | ||
Comment 6•14 years ago
|
||
Weird. Don't know why patch was thinking that the diff was already applied. In any case, this should fix it.
Attachment #452694 -
Attachment is obsolete: true
Attachment #453513 -
Flags: review?(timello)
Assignee | ||
Comment 7•14 years ago
|
||
BTW, once this is fixed, I'm just going to notify developers@ and open the bug--I'm not going to issue a security advisory, because there was never a release with this bug in it. I may also notify support-bugzilla.
Assignee | ||
Comment 8•14 years ago
|
||
This was introduced by bug 567296, so it's been in trunk since revision 7205.
Depends on: 567296
Comment 9•14 years ago
|
||
Comment on attachment 453513 [details] [diff] [review] v2 It looks awesome!
Attachment #453513 -
Flags: review?(timello) → review+
Updated•14 years ago
|
Flags: approval?
Assignee | ||
Updated•14 years ago
|
Flags: approval? → approval+
Assignee | ||
Comment 10•14 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/ modified email_in.pl modified Bugzilla/Attachment.pm modified Bugzilla/Bug.pm modified Bugzilla/Classification.pm modified Bugzilla/Component.pm modified Bugzilla/Field.pm modified Bugzilla/Flag.pm modified Bugzilla/Group.pm modified Bugzilla/Keyword.pm modified Bugzilla/Milestone.pm modified Bugzilla/Object.pm modified Bugzilla/Product.pm modified Bugzilla/User.pm modified Bugzilla/Util.pm modified Bugzilla/Version.pm modified Bugzilla/Field/Choice.pm modified Bugzilla/Search/Recent.pm modified Bugzilla/Search/Saved.pm modified Bugzilla/Whine/Schedule.pm Committed revision 7239.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 11•14 years ago
|
||
I sent an informal security advisory to developers@ and support-bugzilla. Unlocking this bug.
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•