Closed Bug 748095 Opened 12 years ago Closed 11 years ago

Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Version:
4.0.3
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: altlist, Assigned: LpSolit)

References

Details

Attachments

(2 files, 1 obsolete file)

patch for trunk, v1
1.84 KB, patch
dkl
: review+
Details | Diff | Splinter Review
patch for 4.x
431 bytes, patch
dkl
: review+
Details | Diff | Splinter Review
Attached patch v1 (obsolete) — Splinter Review 
I'm using LDAP authentication for a couple years and each time I set the "shutdown" admin parameter, the bugzilla home page returns an internal error message, "Undef to trick_taint".  The failed line is trick_taint($login_cookie) in Bugzilla::Auth::Persist::logout.

I thought it was my custom setup but doing some inspections, I don't have any login cookies as I'm using LDAP, hence $login_cookie is always undef.

Attached was a cheap fix that solved my issue.
Attachment #617623 - Attachment is patch: true
OS: Windows 7 → All
Hardware: x86 → All
Target Milestone: --- → Bugzilla 4.4
Assignee: administration → dkl
Status: NEW → ASSIGNED
Let's mark it as a blocker as we need to address bug 893195 comment 27 and 28 anyway.
Flags: blocking4.4.2+
The problem is reproducible not only with LDAP but also when using ENV, i.e. that all non-cookie based authentication methods are affected.
Assignee: dkl → LpSolit
Summary: undef login_cookie when shutting down Bugzilla via ldap authentication → Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method
As said in bug 893195 comment 28, we cannot return early if no cookies are available, because we still have to clear data from the DB if $type == LOGOUT_KEEP_CURRENT.
Attachment #8344182 - Flags: review?(dkl)
Attached patch patch for 4.xSplinter Review 
This patch works with all Bugzilla 4.x installations (in case we want it for 4.2 too).
Attachment #617623 - Attachment is obsolete: true
Attachment #8344185 - Flags: review?(dkl)
4.2 branch rules say "security, crash, data loss, and selected critical fixes only"

This counts as a crash, so it qualifies.
Flags: blocking4.2.8+
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Comment on attachment 8344185 [details] [diff] [review]
patch for 4.x

Review of attachment 8344185 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344185 - Flags: review?(dkl) → review+
Comment on attachment 8344182 [details] [diff] [review]
patch for trunk, v1

Review of attachment 8344182 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8344182 - Flags: review?(dkl) → review+
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla.pm
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8836.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8643.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Auth/Persist/Cookie.pm
Committed revision 8242.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Added to relnotes for 4.4.2.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: