Closed Bug 651786 Opened 14 years ago Closed 11 years ago

Modifying the default user object modifies the DEFAULT_USER constant

Categories

(Bugzilla :: User Accounts, defect)

defect
Not set
minor

RESOLVED FIXED
Bugzilla 4.4

People

(Reporter: LpSolit, Assigned: glob)

Details

Attachments

(1 file)

    my $user = Bugzilla->login;
    $user->{xs} = 45;
    Bugzilla->logout_request;
    print Bugzilla->user->{xs};

returns 45 despite logout_request undefining the user object. Note that this only works if you are not logged in, else the last instruction prints undef, as expected.

I don't think this unexpected behavior triggers any security problem, but when fixing it, we should keep in mind that it will probably have side-effects, such as invalidating my fix for bug 650593 (as Bugzilla->logout is called before Bugzilla->user->settings). So that's not something we should take on branches.
i hit this issue via an extension creating a bug during checksetup, prior to Bugzilla::User->super_user being called. this resulted in "Can't store CODE items at Bugzilla/User.pm line 171" (the dclone line in super_user).
Assignee: user-accounts → glob
Attached patch 651786_1.patch
this patch replaces dclone with a simple shallow copy, and makes Bugzilla::User->new() use it as well as Bugzilla::User->super_user(). this doesn't break the patch for bug 650593.
Attachment #8345138 - Flags: review?(simon)
Attachment #8345138 - Flags: review?(simon) → review+
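
The behaviour discussed in this bug, reduced to a stand-alone script. This is an added example, not the attached patch or Bugzilla's code: the Demo::User package, its two constructors and the xs, hook and prefs fields are hypothetical stand-ins. It shows a constant hash reference being mutated through an object, dclone failing once that hash holds a code reference, and a shallow copy isolating top-level keys while nested references stay shared.

```perl
use strict;
use warnings;
use Storable qw(dclone);

package Demo::User;    # hypothetical class, stands in for a user object

# "use constant" freezes the reference only; the hash behind it stays writable.
use constant DEFAULT_USER => { id => 0, login => '', prefs => {} };

# Aliasing constructor: blesses and returns the constant's own hash.
sub new_aliased {
    my ($class) = @_;
    return bless DEFAULT_USER(), $class;
}

# Shallow-copy constructor: a fresh top-level hash for every object.
sub new_copied {
    my ($class) = @_;
    my %copy = %{ DEFAULT_USER() };
    return bless \%copy, $class;
}

package main;

# 1. A write to one anonymous object shows up in the next one.
my $first = Demo::User->new_aliased;
$first->{xs} = 45;
my $second = Demo::User->new_aliased;
print "aliased:      xs = ", $second->{xs} // 'undef', "\n";

# 2. Once the shared hash holds a code reference, dclone refuses to copy it.
$first->{hook} = sub { 1 };    # constructed example of leaked state
my $clone = eval { dclone(Demo::User::DEFAULT_USER()) };
print "dclone:       ", ($clone ? "ok\n" : "died: $@");

# 3. Shallow copies isolate top-level keys ...
delete Demo::User::DEFAULT_USER()->{$_} for qw(xs hook);
my $copy = Demo::User->new_copied;
$copy->{xs} = 45;
print "shallow copy: xs = ", Demo::User->new_copied->{xs} // 'undef', "\n";

# ... but nested references are still shared with the constant.
$copy->{prefs}{lang} = 'fr';
print "nested:       lang = ", Demo::User::DEFAULT_USER()->{prefs}{lang}, "\n";
```

The last line prints the value written through the copy, so any nested structure in a default object still needs its own copy if objects must not share it.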
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 5.0
Flags: approval? → approval+
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/User.pm
Committed revision 8829.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Could this be applied to Bugzilla 4.4? GNOME hits this sometimes in the Bugzilla 4.4 test installation, see https://bugzilla.gnome.org/show_bug.cgi?id=743171.
Flags: approval4.4?
Could this be backported to Bugzilla 4.4 so GNOME does not have to maintain a downstream patch for this?
sorry about the delay; evidently my 'pending approvals' query was only looking for open bugs. this is fine to backport to 4.4.

To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
   981729e..3fbd84b  4.4 -> 4.4
Flags: approval4.4? → approval4.4+
Target Milestone: Bugzilla 5.0 → Bugzilla 4.4