Closed
Bug 666279
Opened 13 years ago
Closed 13 years ago
it's possible to get a list of all bugs with buglist.cgi
Categories
(Bugzilla :: Query/Bug List, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 255606
People
(Reporter: glob, Assigned: dkl)
References
()
Details
Attachments
(1 file)
if you hit buglist.cgi with a querystring beginning with = bugzilla will perform a search which results all bugs. this should be caught and throw a buglist_parameters_required error.
Assignee | ||
Updated•13 years ago
|
Assignee: query-and-buglist → dkl
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•13 years ago
|
||
Patch that adds code to Bugzilla::CGI::clean_search_url that removes any params with empty names. Previously they were not removed and using an improperly formed search url, the user could pull in every bug in the database. dkl
Attachment #541117 -
Flags: review?(glob)
Comment 2•13 years ago
|
||
No, there are a zillion ways to grab every bug in the database, fixing every single one of them on the frontend side is definitely the wrong solution. The right answer is to have Search.pm understand when it has received no criteria and have it throw an error. This is not very hard at all, with the new architecture, so should be quite doable for 4.2 if you would like to implement it there. There's already a bug filed for this (I believe) but I can't find it at the moment. In any case, you should know in advance that I won't approve a patch that modifies clean_search_url to remove things that Bugzilla doesn't generate itself--I think fixing up Search.pm is a much more reliable and simple solution.
Whiteboard: DUPME
Comment 3•13 years ago
|
||
I'd say that this is generally a duplicate of bug 255606.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPME
Attachment #541117 -
Flags: review?(glob)
You need to log in
before you can comment on or make changes to this bug.
Description
•