Closed Bug 572602 (bz-create-defaults) Opened 14 years ago Closed 14 years ago

Calling Bug->create() without fields specified does not produce values for those fields

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

defect
Not set
critical

RESOLVED FIXED
Bugzilla 4.0

People

(Reporter: mkanat, Assigned: mkanat)

Attachments

(1 file, 1 obsolete file)

Now that we have switched to VALIDATOR_DEPENDENCIES for Bugzilla::Bug, failing to specify assigned_to to Bug->create() simply means that _check_assigned_to is never called, and so assigned_to is left out of the INSERT, which causes bug creation to fail.
So, this is also true for groups--that is, a bug doesn't get its default groups if "groups" isn't specified as part of the constructor. I'm marking this as security-sensitive for now, but we haven't had any release with this bug in it.
Group: bugzilla-security
Summary: Calling Bug->create() without assigned_to specified does not produce a default assignee → Calling Bug->create() without fields specified does not produce values for those fields
Severity: major → critical
Alias: bz-create-defaults
Depends on: 573441
Depends on: 573450
Depends on: 573454
Attached patch v1 (obsolete) — Splinter Review
Okay, this modifies check_required_create_fields to work properly in the brave new world of VALIDATOR_DEPENDENCIES. :-) Basically, we now leave the checking and setting of defaults to the VALIDATORS. We just make sure that every field that actually needs to be specified gets set to "undef" if it wasn't passed in to create(), and then the validators handle the rest.

I had to fix up several files to properly handle "undef" in their validators, and I modified Bugzilla::Bug to throw a slightly nicer error if you try to create a bug without being logged in.

Note that Bugzilla::Flag was not operating properly with REQUIRED_CREATE_FIELDS, and so will not be operating properly with this new system either, because it does not use validators standardly for create().

To review this patch, you probably want to look at the changes in Bugzilla::Object first (which are the real, important changes here) and then at the small changes in the rest of the files.
Assignee: create-and-change → mkanat
Status: NEW → ASSIGNED
Attachment #452694 - Flags: review?(timello)
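
The failure mode and the fix described in the comment above, as an added example that is not part of this bug report or of Bugzilla's code: validators that run only for passed-in fields skip the defaults for `assigned_to` and `groups`, while filling absent fields with `undef` first lets the same validators supply them. The validator table, function names, field list and default values are all hypothetical.

```perl
#!/usr/bin/perl
# Simplified model, not Bugzilla's code. Every name and default value is hypothetical.
use strict;
use warnings;

# Each validator supplies the default when it is handed undef.
my %VALIDATORS = (
    assigned_to => sub { defined($_[0]) ? $_[0] : 'default-assignee@example.test' },
    groups      => sub { defined($_[0]) ? $_[0] : ['default-group'] },
    summary     => sub {
        die "summary is required\n" unless defined($_[0]) && length($_[0]);
        return $_[0];
    },
);

# Fields whose validators must run on every create, passed in or not.
my @ALWAYS_VALIDATE = qw(assigned_to groups summary);

# Before: only keys the caller passed are validated, so an omitted field
# never reaches its validator and never receives a default.
sub validate_passed_only {
    my (%params) = @_;
    my %row = map { $_ => $VALIDATORS{$_}->($params{$_}) }
              grep { exists $VALIDATORS{$_} } keys %params;
    return \%row;
}

# After: absent fields are set to undef first, then the same validators
# run and either fill in a default or reject the input.
sub validate_with_undef_fill {
    my (%params) = @_;
    for my $field (@ALWAYS_VALIDATE) {
        $params{$field} = undef unless exists $params{$field};
    }
    return validate_passed_only(%params);
}

my %input  = (summary => 'constructed sample bug');   # constructed input
my %result = (
    before => validate_passed_only(%input),
    after  => validate_with_undef_fill(%input),
);

for my $case (qw(before after)) {
    for my $field (@ALWAYS_VALIDATE) {
        my $row   = $result{$case};
        my $value = $row->{$field};
        my $shown = !exists($row->{$field}) ? 'MISSING, validator never ran'
                  : ref($value)             ? join(',', @$value)
                  :                           $value;
        printf "%-6s %-12s %s\n", $case, $field, $shown;
    }
}
```
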
Comment on attachment 452694 [details] [diff] [review]
v1

The patch is either bit rotted or malformed because it is asking to revert the changes in the Bugzilla/Field.pm and after applying the patch, checksetup.pl is warning:
Subroutine Bugzilla::Field::REQUIRED_CREATE_FIELDS redefined at /usr/share/perl5/constant.pm line 119, <DATA> line 522.
Attachment #452694 - Flags: review?(timello) → review-
We cannot release 3.7.1 with this bug unresolved.
(In reply to comment #4)
> We cannot release 3.7.1 with this bug unresolved.

Yes I know, that's why I'm waiting for this bug to be fixed before releasing.
Attached patch v2 — Splinter Review
Weird. Don't know why patch was thinking that the diff was already applied. In any case, this should fix it.
Attachment #452694 - Attachment is obsolete: true
Attachment #453513 - Flags: review?(timello)
BTW, once this is fixed, I'm just going to notify developers@ and open the bug--I'm not going to issue a security advisory, because there was never a release with this bug in it. I may also notify support-bugzilla.
This was introduced by bug 567296, so it's been in trunk since revision 7205.
Depends on: 567296
Comment on attachment 453513 [details] [diff] [review]
v2

It looks awesome!
Attachment #453513 - Flags: review?(timello) → review+
Flags: approval?
Flags: approval? → approval+
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/
modified email_in.pl
modified Bugzilla/Attachment.pm
modified Bugzilla/Bug.pm
modified Bugzilla/Classification.pm
modified Bugzilla/Component.pm
modified Bugzilla/Field.pm
modified Bugzilla/Flag.pm
modified Bugzilla/Group.pm
modified Bugzilla/Keyword.pm
modified Bugzilla/Milestone.pm
modified Bugzilla/Object.pm
modified Bugzilla/Product.pm
modified Bugzilla/User.pm
modified Bugzilla/Util.pm
modified Bugzilla/Version.pm
modified Bugzilla/Field/Choice.pm
modified Bugzilla/Search/Recent.pm
modified Bugzilla/Search/Saved.pm
modified Bugzilla/Whine/Schedule.pm
Committed revision 7239.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
I sent an informal security advisory to developers@ and support-bugzilla. Unlocking this bug.
Group: bugzilla-security