Closed
Bug 651786
Opened 14 years ago
Closed 11 years ago
Modifying the default user object modifies the DEFAULT_USER constant
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.4
People
(Reporter: LpSolit, Assigned: glob)
Details
Attachments
(1 file)
820 bytes,
patch
|
mail
:
review+
|
Details | Diff | Splinter Review |
my $user = Bugzilla->login;
$user->{xs} = 45;
Bugzilla->logout_request;
print Bugzilla->user->{xs};
returns 45 despite logout_request undef'ines the user object. Note that this only works if you are not logged in, else the last instruction prints undef, as expected.
I don't think this unexpected behavior triggers any security problem, but when fixing it, we should keep in mind that it will probably have side-effects, such as invalidating my fix for bug 650593 (as Bugzilla->logout is called before Bugzilla->user->settings). So that's not something we should take on branches.
i hit this issue via an extension creating a bug during checksetup, prior to Bugzilla::User->super_user being called. this resulted in "Can't store CODE items at Bugzilla/User.pm line 171" (the dclone line in super_user).
Assignee: user-accounts → glob
this patch replaces dclone with a simple shallow copy, and makes Bugzilla::User->new() use it as well as Bugzilla::User->super_user().
this doesn't break the patch for bug 650593.
Attachment #8345138 -
Flags: review?(simon)
Updated•11 years ago
|
Attachment #8345138 -
Flags: review?(simon) → review+
Updated•11 years ago
|
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 5.0
Updated•11 years ago
|
Flags: approval? → approval+
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/User.pm
Committed revision 8829.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 4•10 years ago
|
||
Could this be applied to Bugzilla 4.4? GNOME hits this sometimes in the Bugzilla 4.4 test installation, see https://bugzilla.gnome.org/show_bug.cgi?id=743171.
Flags: approval4.4?
Comment 5•10 years ago
|
||
Could this be backported to Bugzilla 4.4 so GNOME does not have to maintain a downstream patch for this?
sorry about the delay; evidently my 'pending approvals' query was only looking for open bugs.
this is fine to backport to 4.4.
To ssh://gitolite3@git.mozilla.org/bugzilla/bugzilla.git
981729e..3fbd84b 4.4 -> 4.4
Flags: approval4.4? → approval4.4+
Target Milestone: Bugzilla 5.0 → Bugzilla 4.4
You need to log in
before you can comment on or make changes to this bug.
Description
•