Closed
Bug 92263
Opened 24 years ago
Closed 23 years ago
Don't output SQL commands before the footer.
Categories
(Bugzilla :: Bugzilla-General, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: CodeMachine, Assigned: justdave)
References
Details
Attachments
(1 file, 2 obsolete files)
823 bytes,
patch
|
bbaetz
:
review+
gerv
:
review+
|
Details | Diff | Splinter Review |
The other day when there was problems with shadow database syncing on mozilla.org, people (including me) were getting an SQL INSERT statement that was an account creation, just before their footer. This had the account's unencrypted password, as well as the person's email. Now we don't store cleartext passwords in 2.14, but we still shouldn't be outputting this garbage. I've been told that apparently it was trying to remove leftover shadow sync commands. That's all well and good, but it shouldn't be outputting those commands.
Assignee | ||
Comment 1•24 years ago
|
||
fix for this is to redirect stderr to /dev/null (or to a logfile) before executing the syncshadowdb command in PutFooter() (but AFTER spawning the second thread to run it in). This may also help with the problem I see frequently where the browser sits there spinning its wheels for a while after the footer completes... I think Apache is still watching both threads, and even though the parent completed, the other is still outputting to stdout/stderr so apache waits for it.
Reporter | ||
Updated•23 years ago
|
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
Reporter | ||
Comment 2•23 years ago
|
||
Is it possible to spawn this stuff off as a separate process?
Assignee | ||
Comment 3•23 years ago
|
||
Matty: That's exactly what it's doing now. However, since it's not detaching stderr, Apache is apparently still hanging on to it instead of releasing the session.
Updated•23 years ago
|
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → 2.10
Assignee | ||
Comment 5•23 years ago
|
||
Comment 6•23 years ago
|
||
Won't this break on windows?
Assignee | ||
Updated•23 years ago
|
Comment 7•23 years ago
|
||
Comment on attachment 59051 [details] [diff] [review] redirect output to /dev/null before running syncshadowdb This is going to break windows, needs work. I'm about to paste some code in from parrot (the backend runtime for perl6) that will do this on unix and windows though it isn't pretty
Attachment #59051 -
Flags: review-
Comment 8•23 years ago
|
||
_run_command() should do it. You can call it like: _run_command('dosomethingfun','STDOUT' => 'foo', 'STDERR; => 'bar'); # this kludge is an hopefully portable way of having # redirections ( tested on Linux and Win2k ) sub _run_command { my( $command, %redir ) = @_; my( $redir_string ) = ''; while( my @dup = each %redir ) { my( $from, $to ) = @dup; if( $to eq 'STDERR' ) { $to = "qq{>&STDERR}" } elsif( $to eq 'STDOUT' ) { $to = "qq{>&STDOUT}" } elsif( $to eq '/dev/null' ) { $to = ( $^O eq 'MSWin32' ) ? 'qq{> NUL:}' : "qq{> $to}" } else { $to = "qq{> $to}" } $redir_string .= "open $from, $to;" } system "$^X -e \"$redir_string;system q{$command};\""; }
Assignee | ||
Comment 9•23 years ago
|
||
Ah, but the important part of that code to notice is that on Windows you use NUL: instead of /dev/null. The rest of the existing patch is still valid, no reason for the system call. :) The system call just gets around having to save and restore the filehandle.
Assignee | ||
Comment 10•23 years ago
|
||
And actually, in this case, you don't even need to save/restore the filehandle, because it's an exec in a fork, so control is never returning to the perl code anyway.
Attachment #59051 -
Attachment is obsolete: true
Assignee | ||
Comment 11•23 years ago
|
||
Need someone with Bugzilla on Win32 to verify if this actually works on Windows...
Comment 12•23 years ago
|
||
If this patch is supposed to run against 2.14.1, I'll run it on my win32 install and test. Also, what entry point excersizes this code?
Assignee | ||
Comment 13•23 years ago
|
||
Hmm, this probably will apply to 2.14.1 with an offset... that chunk of code hasn't changed since then. In order to test this, you'd need to tell editparams.cgi that you were running a shadow database, and probably have something corrupted in the shadow database (such as not having one ;) in order to get the shadow update code to spew an error. You can probably test this by trying to activate the shadow database feature without actually creating a shadow database (and not applying this patch yet). Make a change to a bug, and then look for error messages to show up either right before or right after the footer at the bottom of all the process_bug pages. Then apply the patch and see if those error messages go away.
Comment 14•23 years ago
|
||
Applied the patch to a win32 install and stderr is reproducibly getting appended to the bottom of the returned document. I don't have any suggestions for an alternative to "NUL:" except for win32 folks who don't want ANY warnings or stderr returned; changing the appmapping for perl from perl %s %s to perl -X %s %s makes stderr dissappear. The shadowdb code doesn't seem to work on my win32 box, so the errors are more like: "Couldn't do db copy at syncshadowdb line 178." No SQL statements are in the error list. But if syncshadowdb does work on some win32 boxes, maybe the error returned there would carry SQL statements.
Assignee | ||
Comment 15•23 years ago
|
||
OK, John did some testing which he mailed to me privately (thanks, John!) and it's quite evident that using a shadow database as a whole is completely horked on Windows. a) it has no clue where the MySQL executables are because the "which" command run by checksetup.pl doesn't exist in Windows, b) Windows could care less about the shebang line, so the script has to be syncshadowdb.pl (with the pl extension on the end) in order to run it. Even when he fixed those two issues, it was so full of warnings it wasn't even funny. End result: I don't think it's worth even attempting to make this one line of code work on Windows right now, since the shadowdb stuff as a whole needs to be fixed in order to work on windows, and that's Another Bug. :) With shadowdb disabled, Bugzilla will never run this line of code, and you can't safely enable it on Windows at this point. zach/bbaetz: either of you care to recind your "needs-work" for the first patch, since it's obvious it doesn't matter? :)
Comment 16•23 years ago
|
||
I'm fine with that, except that I'd like to check that NUL: works, cause I copied that line for template outputs for precompilation - its easier then outputting to an empty string. If NUL works, then just use the second version. Its not going to hurt anything, and its technically more correct. Don't bother filing a bug on the win32 shadowdb stuff - this is one more reason to use replication instead ;)
Comment 17•23 years ago
|
||
After a bit of experimentation and some google queries, I found a string that works. Change it to: my $redir = ($^O =~ /MSWin32/i) ? "nul" : "/dev/null"; nul works, NUL: does not.
Assignee | ||
Comment 18•23 years ago
|
||
wouldn't that create a file called "nul" in the current directory?
Assignee | ||
Comment 19•23 years ago
|
||
uses NUL instead of NUL:. Did my own research, and it backs up what's been said here.
Attachment #68829 -
Attachment is obsolete: true
Comment 20•23 years ago
|
||
Comment on attachment 72822 [details] [diff] [review] Windows-compliant, take 2 If it works on windows, r=bbaetz
Attachment #72822 -
Flags: review+
Comment 21•23 years ago
|
||
Comment on attachment 72822 [details] [diff] [review] Windows-compliant, take 2 Presuming you're not supposed to close STDOUT and STDERR before reopening them, r=gerv. Gerv
Attachment #72822 -
Flags: review+
Assignee | ||
Comment 22•23 years ago
|
||
Checking in globals.pl; /cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl new revision: 1.151; previous revision: 1.150 done
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 23•23 years ago
|
||
Checked in to the 2_14_1-BRANCH, per a suggestion from MattyT on reviewers@. As the comment says, applied cleanly to the branch (save a small offset notice), so r/r2 = me.
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•