Closed Bug 987521 Opened 7 years ago Closed 7 years ago

flag activity api needs to prohibit requests which return the entire table

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: glob, Assigned: dkl)

Details

Attachments

(1 file)

bug 978773 added webservice endpoints for querying the flag activity.

the flag_activity method doesn't check that selection criteria are provided, so it's possible to dump a lot of rows with a single query (limited to 10,000 rows).

this is detrimental to performance, as this table will quickly get large, so it needs to be updated to require a flag-id, requestee, setter, or type-id.

like bug searching, we need to prevent criteria-less queries.


there's also code for offset and limit parameters, which is unusual for our web services, and undocumented.
Assignee: nobody → dkl
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
Attached patch 987521_1.patchSplinter Review
Attachment #8400788 - Flags: review?(glob)
Comment on attachment 8400788 [details] [diff] [review]
987521_1.patch

Review of attachment 8400788 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8400788 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   0ac842d..818b908  4.2 -> 4.2
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Component: Extensions: Review → Extensions
You need to log in before you can comment on or make changes to this bug.