fall back to the bug's current delta_ts when validating a token if one is not provided to process_bug.cgi

RESOLVED FIXED in Bugzilla 4.4

Status

()

Bugzilla
Creating/Changing Bugs
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: glob, Assigned: glob)

Tracking

4.4.1
Bugzilla 4.4
x86
Mac OS X
Dependency tree / graph
Bug Flags:
approval +
approval4.4 +

Details

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
tl;dr bug 927736 broken bzapi in an unexpected way.


bzapi updates bugs by posting to process_bug.cgi.  current consumers just pass in an update token.  bug 927736 changes the token verification to also rely on the delta_ts which is provided by our forms, but not by bzapi.

while process_bug.cgi isn't a supported api, we should do what we can to not cause undue pain to bzapi.


a compromise would be to validate the token against the bug's current delta_ts if one is not provided by the form.  all our forms will continue to work correctly in all circumstances, while bzapi will work in cases where a mid-air has not occurred.
(Assignee)

Comment 1

4 years ago
Created attachment 821007 [details] [diff] [review]
930013_1.patch
Attachment #821007 - Flags: review?(dkl)
Comment on attachment 821007 [details] [diff] [review]
930013_1.patch

Review of attachment 821007 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #821007 - Flags: review?(dkl) → review+

Updated

4 years ago
Flags: approval?
Flags: approval4.4?
Target Milestone: --- → Bugzilla 4.4
Version: unspecified → 4.4.1

Updated

4 years ago
Blocks: 927497
(Assignee)

Updated

4 years ago
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
(Assignee)

Comment 3

4 years ago
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/trunk/
modified process_bug.cgi
Committed revision 8786.

Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/4.4/
modified process_bug.cgi
Committed revision 8631.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED

Updated

4 years ago
Blocks: 928331
You need to log in before you can comment on or make changes to this bug.