Closed Bug 812054 Opened 12 years ago Closed 12 years ago

JavaScript error on the Advanced Search page when a classification has a product invisible to the user

Categories

(Bugzilla :: Query/Bug List, defect, P1)

Product:
Bugzilla
Component:
Query/Bug List
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.4

People

(Reporter: mail, Assigned: mail)

References

Details

(Keywords: regression)

Attachments

(1 file, 2 obsolete files)

updated patch
1.01 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review
If you have classifications enabled, and a product that isn't visible to a user (entry, mandatory/mandatory for one group the user can't see for example), a Javascript error occurs in the Advance Search page when you click on the classification that has restricted products. TypeError: val is null val.bz_value_id = optionId; in field.js line 784 This is caused because this function is using $classification->products which does not filter products based on their visibility to the user. This change to is filter the products list.
Flags: blocking4.4?
Summary: Javascript error on advance search page → Javascript error on advanced search page
Attached patch v1 patch (obsolete) — Splinter Review
Diff is against trunk, but it should be applied to 4.4 as well. Earlier versions are not affected.
Attachment #681824 - Flags: review?(glob)
It would good to know which bug caused this problem.
(In reply to Frédéric Buclin from comment #2) > It would good to know which bug caused this problem. http://bzr.mozilla.org/bugzilla/4.4/revision/7907 Bug 636416: Use the standard value-controller javascript to control the drop-down fields on the Advanced Search page. r=glob, a=mkanat
Confirmed.
Component: User Interface → Query/Bug List
Depends on: 636416
Flags: blocking4.4? → blocking4.4+
Summary: Javascript error on advanced search page → JavaScript error on the Advanced Search page when a classification has a product invisible to the user
Comment on attachment 681824 [details] [diff] [review] v1 patch r=glob it's a shame 'product' isn't named 'selectable_products' in query.cgi.
Attachment #681824 - Flags: review?(glob) → review+
Flags: approval?
Flags: approval4.4?
Attachment #681824 - Flags: review-
Comment on attachment 681824 [details] [diff] [review] v1 patch > [% FOREACH legal_value = legal_values %] > [% FOREACH sub_value = legal_value.$accessor %] >+ [% FOREACH p = product %] >+ [% IF p.id == sub_value.id %] This code makes me unhappy. With a large number of products, this code will run as O(N^2), which is quite large. You should instead do something different for classifications (which is the unique field triggering your code): [% IF field.name == "classification" %] [% FOREACH p = product %] [% prod_per_class.${p.classification_id}.push(p.id) %] [% END %] [% FOREACH c = prod_per_class.keys %] showValueWhen() [% END %] [% ELSE %] ... existing code ... [% END %] This code runs as O(N), which is N times faster than your patch. So despite your patch fixes the problem, this is r- for performance reasons.
Assignee: sgreen+mozilla → query-and-buglist
Flags: approval?
Flags: approval4.4?
Attached patch patch to fix this issue (obsolete) — Splinter Review
Attachment #685430 - Flags: review?
Comment on attachment 685430 [details] [diff] [review] patch to fix this issue Has this patch been tested? It doesn't work at all. When selecting a classification in the Advanced Search page, the list of products isn't updated anymore.
Attachment #685430 - Flags: review? → review-
(In reply to Frédéric Buclin from comment #8) > Has this patch been tested? Yes, on Firefox last week, and Chrome today. Since I use Linux, I don't have access to an IE machine. > It doesn't work at all. When selecting a > classification in the Advanced Search page, the list of products isn't > updated anymore. It works for me. Are you getting a Javascript error at all, or is it just not working? What browser and version are you using?
Flags: needinfo?(LpSolit)
Firefox 17 on Linux. With your patch applied, no JS error is thrown, but the products list isn't refreshed anymore when selecting a classification.
Flags: needinfo?(LpSolit)
Attached patch updated patchSplinter Review
Attachment #685430 - Attachment is obsolete: true
Attachment #687388 - Flags: review?(LpSolit)
(In reply to Simon Green from comment #0) > This is caused because this function is using $classification->products > which does not filter products based on their visibility to the user. This > change to is filter the products list. Doesn't this mean that there is an unfiltered product list client-side? Why is this not a sec bug?
(In reply to Marc Schumann [:Wurblzap] from comment #12) > Doesn't this mean that there is an unfiltered product list client-side? Why > is this not a sec bug? Two reasons: 1) It only appears in 4.4rc1 and trunk. Neither of these are production versions. 2) It is only exposing the product.id value, not the products name or other information about the product. Regards, Hugo.
Attachment #681824 - Attachment is obsolete: true
Comment on attachment 687388 [details] [diff] [review] updated patch >+ [% IF accessor == 'products' %] Because accessor == "products" is pretty cryptic, we should write field.name == "classification" instead. This can be fixed on checkin. Now your patch looks good and is working fine. Thanks! :) r=LpSolit
Attachment #687388 - Flags: review?(LpSolit) → review+
Assignee: query-and-buglist → hugo.seabrook
Status: NEW → ASSIGNED
Flags: approval4.4+
Flags: approval+
Keywords: regression
I don't know your name, so I simply write "Hugo" as author in the commit message. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified template/en/default/search/field.html.tmpl Committed revision 8501. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/ modified template/en/default/search/field.html.tmpl Committed revision 8477.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: