Closed Bug 731664 Opened 13 years ago Closed 13 years ago

backport bug 255606 to bmo (It is possible to get all bugs from buglist.cgi by passing URL parameters to buglist.cgi that create no Search.pm criteria)

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: glob, Assigned: glob)

References

Details

Attachments

(1 file, 1 obsolete file)

patch v2
1.02 KB, patch
dkl
: review+
Details | Diff | Splinter Review 
we need to block requests which result in "give me all the bugs", as these result is massive load on our db slaves, and it's surprisingly each to do with bzapi.

this was fixed in bug 255606 for 4.2, and although search.pm got a massive rewrite, from what i can tell it should be possible to backport the crux of this fix to 4.0.
Blocks: 731630
Attached patch patch v1 (obsolete) — Splinter Review 

        Attachment #601656 -
        Flags: review?(dkl)
Blocks: 731672

    
    

    
  
Comment on attachment 601656 [details] [diff] [review]
patch v1

Review of attachment 601656 [details] [diff] [review]:
-----------------------------------------------------------------

::: Bugzilla/Search.pm
@@ +1052,5 @@
>      }
>      $suppstring .= join('', @supplist);
>      
> +    if (!@andlist
> +        && !Bugzilla->params->{'search_allow_no_criteria'}

You do not define this anywhere. Either port the pref change from 255606 or rename this to specific_search_allow_empty_words.

        Attachment #601656 -
        Flags: review?(dkl) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch v2Splinter Review
      

    


  
d'oh, sorry about that.

        Attachment #601656 -
        Attachment is obsolete: true

        Attachment #601871 -
        Flags: review?(dkl)

    
    

    
  
Comment on attachment 601871 [details] [diff] [review]
patch v2

Review of attachment 601871 [details] [diff] [review]:
-----------------------------------------------------------------

Works as expected. r=dkl

        Attachment #601871 -
        Flags: review?(dkl) → review+

    
    

    
  
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bmo/4.0/
modified collectstats.pl
modified Bugzilla/Search.pm
Committed revision 8083.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
  
Summary: backport bug 255606 to bmo → backport bug 255606 to bmo (It is possible to get all bugs from buglist.cgi by passing URL parameters to buglist.cgi that create no Search.pm criteria)

    
  
Blocks: 732409

    
  
No longer blocks: 732409
Depends on: 732409

    
    

    
  
The "bugs filed today" saved search (available in the public searches list, shared by reed), that I have pinned to my bugzilla footer, no longer works - presumably due to this.

I get:
"You may not search, or create saved searches, without any search terms." 

The saved search is:
https://bugzilla.mozilla.org/buglist.cgi?cmdtype=dorem&remaction=run&namedcmd=Bugs%20Filed%20Today&sharer_id=159758

And is just a [bug creation] between -24h and now.

    
    

    
  
Sorry, just seen bug 732409, ignore.

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: