From 7c098954938807062a27d72f52d3f2a8dbd06bfd Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Fri, 3 Aug 2012 12:20:19 +0200 Subject: Bug 780028: Oracle crashes if a column listed in ORDER BY appears twice in SELECT r=glob a=LpSolit --- Bugzilla/Search.pm | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index da37a9638..9cab49ab8 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -824,10 +824,19 @@ sub _add_extra_column { # These are the columns that we're going to be actually SELECTing. sub _display_columns { my ($self) = @_; - # Do not alter the list specified here at all, even if they are duplicated. - # Those are passed by the caller, and the caller expects to get them back - # in the exact same order. - $self->{display_columns} ||= [$self->_input_columns, $self->_extra_columns]; + return @{ $self->{display_columns} } if $self->{display_columns}; + + # Do not alter the list from _input_columns at all, even if there are + # duplicated columns. Those are passed by the caller, and the caller + # expects to get them back in the exact same order. + my @columns = $self->_input_columns; + + # Only add columns which are not already listed. + my %list = map { $_ => 1 } @columns; + foreach my $column ($self->_extra_columns) { + push(@columns, $column) unless $list{$column}++; + } + $self->{display_columns} = \@columns; return @{ $self->{display_columns} }; } -- cgit v1.2.3-24-g4f1b From 94abbb03a8db4179bdd7fe5edccb077e8908d114 Mon Sep 17 00:00:00 2001 From: Koosha Khajeh Moogahi Date: Fri, 3 Aug 2012 12:41:45 -0400 Subject: Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields; it should say it produces an error r=dkl, a=LpSolit --- Bugzilla/WebService/Bug.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 781e8b944..5d5f49b26 100644 --- a/Bugzilla/WebService/Bug.pm 
+++ b/Bugzilla/WebService/Bug.pm @@ -2198,8 +2198,9 @@ B =item B This allows you to create a new bug in Bugzilla. If you specify any -invalid fields, they will be ignored. If you specify any fields you -are not allowed to set, they will just be set to their defaults or ignored. +invalid fields, an error will be thrown stating which field is invalid. +If you specify any fields you are not allowed to set, they will just be +set to their defaults or ignored. You cannot currently set all the items here that you can set on enter_bug.cgi. -- cgit v1.2.3-24-g4f1b From 2137f365677d836e3d3c55c81634d0f732fecdfe Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 6 Aug 2012 23:44:33 +0200 Subject: Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request r=reed a=LpSolit --- template/en/default/account/auth/login-small.html.tmpl | 7 ++++--- template/en/default/account/auth/login.html.tmpl | 1 + token.cgi | 5 +++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl index fbe40fb43..cb4335466 100644 --- a/template/en/default/account/auth/login-small.html.tmpl +++ b/template/en/default/account/auth/login-small.html.tmpl @@ -36,8 +36,8 @@ [% IF cgi.request_method == "GET" AND cgi.query_string %] [% connector = "&" %] [% END %] - [% script_name = login_target _ connector _ "GoAheadAndLogIn=1" %] - Log In [% Hook.process('additional_methods') %] @@ -114,7 +114,7 @@
  • | - Forgot Password
    @@ -123,6 +123,7 @@ + [x]
  • diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index 122ef6f7c..3de52b6a0 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -115,6 +115,7 @@ enter your login name below and submit a request to change your password.
    + [% END %] diff --git a/token.cgi b/token.cgi index fa262e76a..20870159a 100755 --- a/token.cgi +++ b/token.cgi @@ -108,6 +108,11 @@ if ( $action eq 'reqpw' ) { ThrowUserError("password_change_requests_not_allowed"); } + # Check the hash token to make sure this user actually submitted + # the forgotten password form. + my $token = $cgi->param('token'); + check_hash_token($token, ['reqpw']); + validate_email_syntax($login_name) || ThrowUserError('illegal_email_address', {addr => $login_name}); -- cgit v1.2.3-24-g4f1b From 7c35aa81182fe6213876233627964d5515344e6a Mon Sep 17 00:00:00 2001 From: SImon Green Date: Tue, 7 Aug 2012 12:59:38 +0800 Subject: Bug 779709: Don't allow searching on changes to private attachments or comments r=glob, a=LpSolit --- Bugzilla/Search.pm | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 9cab49ab8..9a5e888bc 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -2313,6 +2313,12 @@ sub _long_desc_changedbefore_after { }; push(@$joins, $join); $args->{term} = "$table.bug_when IS NOT NULL"; + + # If the user is not part of the insiders group, they cannot see + # private comments + if (!$self->_user->is_insider) { + $args->{term} .= " AND $table.isprivate = 0"; + } } sub _content_matches { @@ -2795,8 +2801,10 @@ sub _changedbefore_changedafter { extra => ["$table.fieldid = $field_id", "$table.bug_when $sql_operator $sql_date"], }; - push(@$joins, $join); + $args->{term} = "$table.bug_when IS NOT NULL"; + $self->_changed_security_check($args, $join); + push(@$joins, $join); } sub _changedfrom_changedto { @@ -2815,9 +2823,10 @@ sub _changedfrom_changedto { extra => ["$table.fieldid = $field_id", "$table.$column = $quoted"], }; - push(@$joins, $join); $args->{term} = "$table.bug_when IS NOT NULL"; + $self->_changed_security_check($args, $join); + push(@$joins, $join); } sub _changedby { 
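Review bot: The form side of the new `check_hash_token($token, ['reqpw'])` call cannot be confirmed from this page, because the two login template hunks in this commit have lost their markup; both forms must emit a hidden `token` field issued for the same `'reqpw'` action (Bugzilla::Token's `issue_hash_token`), otherwise every password-reset request would presumably be rejected by the new check. Placing the check before `validate_email_syntax` is the right order, since nothing is done with the submitted login name until the request is known to come from the form. `$token` is read once, so `check_hash_token(scalar $cgi->param('token'), ['reqpw'])` would do without the temporary, though the named variable reads fine. The `reqpw` branch starts before the hunk.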
@@ -2836,8 +2845,32 @@ sub _changedby { extra => ["$table.fieldid = $field_id", "$table.who = $user_id"], }; - push(@$joins, $join); + $args->{term} = "$table.bug_when IS NOT NULL"; + $self->_changed_security_check($args, $join); + push(@$joins, $join); +} + +sub _changed_security_check { + my ($self, $args, $join) = @_; + my ($chart_id, $field) = @$args{qw(chart_id field)}; + + my $field_object = $self->_chart_fields->{$field} + || ThrowCodeError("invalid_field_name", { field => $field }); + my $field_id = $field_object->id; + + # If the user is not part of the insiders group, they cannot see + # changes to attachments (including attachment flags) that are private + if ($field =~ /^(?:flagtypes\.name$|attach)/ and !$self->_user->is_insider) { + $join->{then_to} = { + as => "attach_${field_id}_$chart_id", + table => 'attachments', + from => "act_${field_id}_$chart_id.attach_id", + to => 'attach_id', + }; + + $args->{term} .= " AND COALESCE(attach_${field_id}_$chart_id.isprivate, 0) = 0"; + } } ###################### -- cgit v1.2.3-24-g4f1b From cfe703f3b83e2dd790696e3fcf1e238caccca7d9 Mon Sep 17 00:00:00 2001 From: Reed Loden Date: Tue, 7 Aug 2012 08:54:26 -0700 Subject: Bug 780883 - s/fieldAutoComp/keywordAutoComp/ (fallout from bad 4.2 commit in bug 764517) [r=glob a=LpSolit] --- js/field.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/field.js b/js/field.js index 3d85ff116..07433b2a5 100644 --- a/js/field.js +++ b/js/field.js @@ -787,7 +787,7 @@ YAHOO.bugzilla.keywordAutocomplete = { this.expandContainer(); } }); - fieldAutoComp.dataRequestEvent.subscribe( function(type, args) { + keywordAutoComp.dataRequestEvent.subscribe( function(type, args) { args[0].autoHighlight = args[1] != ''; }); } -- cgit v1.2.3-24-g4f1b From 10c93f968943b06c1197b4c121edb7974b02a52e Mon Sep 17 00:00:00 2001 
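Review bot: `_changed_security_check` resolves the field object again (`$self->_chart_fields->{$field} || ThrowCodeError(...)`) even though each of its three callers already holds `$field_id` when they call it (it appears in their `extra` clauses); passing that id along, e.g. `$self->_changed_security_check($args, $join, $field_id)`, removes the second lookup and the duplicated error path. The `then_to` assignment overwrites whatever the join already carries; none of the visible callers set one, but a one-line comment stating that assumption would keep the next caller honest. The pattern `/^(?:flagtypes\.name$|attach)/` anchors only the first alternative and `$` tolerates a trailing newline; `/\A(?:flagtypes\.name\z|attach)/` states the intent more precisely. The `COALESCE(... isprivate, 0)` is presumably what lets bug-level flags (no `attach_id`) remain visible, which is worth spelling out in the comment above it.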
From: Frédéric Buclin Date: Wed, 8 Aug 2012 12:23:45 +0200 Subject: Bug 781059: -moz-border-radius is obsolete and must be replaced by the standard border-radius CSS property r=reed a=LpSolit --- skins/contrib/Dusk/global.css | 12 ++++++------ skins/standard/global.css | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/skins/contrib/Dusk/global.css b/skins/contrib/Dusk/global.css index 3a18e401e..63375672b 100644 --- a/skins/contrib/Dusk/global.css +++ b/skins/contrib/Dusk/global.css @@ -30,8 +30,8 @@ body { /* page title */ #titles { - -moz-border-radius-topleft: 5px; - -moz-border-radius-topright: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; } #header .links, #footer { @@ -40,8 +40,8 @@ body { } #header { - -moz-border-radius-bottomleft: 5px; - -moz-border-radius-bottomright: 5px; + border-bottom-left-radius: 5px; + border-bottom-right-radius: 5px; border: none; } @@ -61,7 +61,7 @@ body { border: 1px solid #747e93; padding: 10px; font-size: 10pt; - -moz-border-radius: 5px; + border-radius: 5px; } a { @@ -174,7 +174,7 @@ hr { #footer { border: 1px solid #747e93; width: 100%; - -moz-border-radius: 5px; + border-radius: 5px; } #footer #links-actions, diff --git a/skins/standard/global.css b/skins/standard/global.css index 0b28ff3b6..4d4b02153 100644 --- a/skins/standard/global.css +++ b/skins/standard/global.css @@ -55,8 +55,8 @@ border-left: 1px solid #747E93; border-right: 1px solid #747E93; border-bottom: 1px solid #747E93; - -moz-border-radius-bottomleft: 5px; - -moz-border-radius-bottomright: 5px; + border-bottom-left-radius: 5px; + border-bottom-right-radius: 5px; padding: 0.5em; } @@ -105,8 +105,8 @@ width: 100%; background-color: #404D6C; color: #fff; - -moz-border-radius-topleft: 5px; - -moz-border-radius-topright: 5px; + border-top-left-radius: 5px; + border-top-right-radius: 5px; font-size: 110%; margin: 0; padding: 0.5em; -- cgit v1.2.3-24-g4f1b 
From 36bfbfd3252599a596470c05a359dfb680c85159 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Sun, 12 Aug 2012 14:14:38 +0200 Subject: Bug 781059 part 2: -moz-border-radius is obsolete and must be replaced by the standard border-radius CSS property --- skins/standard/show_bug.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/skins/standard/show_bug.css b/skins/standard/show_bug.css index 99c0b405e..8214ce5f4 100644 --- a/skins/standard/show_bug.css +++ b/skins/standard/show_bug.css @@ -2,7 +2,7 @@ margin: 8px 0; padding: 0.3em; background-color: rgb(208, 208, 208); - -moz-border-radius: 0.5em; + border-radius: 0.5em; font-size: 125%; font-weight: bold; } -- cgit v1.2.3-24-g4f1b From 872088062e1be624952038424854b5bd454d6307 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 15 Aug 2012 21:29:25 +0200 Subject: Bug 771100: Unable to attach a file to a bug with perl 5.16 r=dkl a=LpSolit --- Bugzilla/CGI.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e0e1c40ba..21d4303a8 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -353,7 +353,7 @@ sub param { sub _fix_utf8 { my $input = shift; # The is_utf8 is here in case CGI gets smart about utf8 someday. - utf8::decode($input) if defined $input && !utf8::is_utf8($input); + utf8::decode($input) if defined $input && !ref $input && !utf8::is_utf8($input); return $input; } -- cgit v1.2.3-24-g4f1b From 36ffbcd533ca1a98224e7240a039c59786a24bbd Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 20 Aug 2012 11:02:24 +0200 Subject: Bug 698068: The "There is no saved search named ..." page has a "forget" link r=glob a=LpSolit --- Bugzilla/Search/Saved.pm | 2 +- buglist.cgi | 2 +- template/en/default/global/user-error.html.tmpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Search/Saved.pm b/Bugzilla/Search/Saved.pm index fc773fcde..99194112a 100644 --- a/Bugzilla/Search/Saved.pm 
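Review bot: The new `!ref $input` guard in `_fix_utf8` carries no comment, while the line above explains the `is_utf8` test; the commit subject (attaching files under perl 5.16) suggests the references are upload filehandles, so `# Skip references (e.g. upload filehandles): only plain strings are decoded.` would record the reason next to the code. `utf8::decode` returns false on malformed input and leaves `$input` unchanged, so invalid byte sequences pass through undecoded and silently — acceptable here, but worth a word in the comment if that is intended.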
+++ b/Bugzilla/Search/Saved.pm @@ -109,7 +109,7 @@ sub check { if (!$search->shared_with_group or !$user->in_group($search->shared_with_group)) { - ThrowUserError('missing_query', { queryname => $search->name, + ThrowUserError('missing_query', { name => $search->name, sharer_id => $search->user->id }); } diff --git a/buglist.cgi b/buglist.cgi index 1029f0fe7..b4c322a58 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -213,7 +213,7 @@ sub LookupNamedQuery { Bugzilla->login(LOGIN_REQUIRED); my $query = Bugzilla::Search::Saved->check( - { user => $sharer_id, name => $name }); + { user => $sharer_id, name => $name, _error => 'missing_query' }); $query->url || ThrowUserError("buglist_parameters_required"); diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 3d1ac5c53..5536d9fd2 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1177,7 +1177,7 @@ [% title = "Missing Search" %] [% docslinks = {'query.html' => "Searching for $terms.bugs", 'query.html#list' => "$terms.Bug lists"} %] - The search named [% queryname FILTER html %] + The search named [% name FILTER html %] [% IF sharer_id && sharer_id != user.id %] has not been made visible to you. [% ELSE %] -- cgit v1.2.3-24-g4f1b From 6773f8949521744fba0c7fe1cc4bbe3016f7888f Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Tue, 21 Aug 2012 00:43:52 +0200 Subject: Bug 783786: PostgreSQL databases can be created with the wrong encoding r=dkl a=LpSolit --- Bugzilla/DB/Schema/Pg.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Bugzilla/DB/Schema/Pg.pm b/Bugzilla/DB/Schema/Pg.pm index ef6e5671d..d21f5099c 100644 --- a/Bugzilla/DB/Schema/Pg.pm +++ b/Bugzilla/DB/Schema/Pg.pm 
@@ -90,6 +90,16 @@ sub _initialize { } #eosub--_initialize #-------------------------------------------------------------------- +sub get_create_database_sql { + my ($self, $name) = @_; + # We only create as utf8 if we have no params (meaning we're doing + # a new installation) or if the utf8 param is on. + my $create_utf8 = Bugzilla->params->{'utf8'} + || !defined Bugzilla->params->{'utf8'}; + my $charset = $create_utf8 ? "ENCODING 'UTF8' TEMPLATE template0" : ''; + return ("CREATE DATABASE $name $charset"); +} + sub get_rename_column_ddl { my ($self, $table, $old_name, $new_name) = @_; if (lc($old_name) eq lc($new_name)) { -- cgit v1.2.3-24-g4f1b From 26066436dcb00548c6f5b09cc6cfc68f96a9f045 Mon Sep 17 00:00:00 2001 From: David Taylor Date: Sun, 26 Aug 2012 03:22:01 +0200 Subject: Bug 559539: [Oracle] whine.pl sets run_next incorrectly due to CURRENT_DATE r/a=LpSolit --- Bugzilla/DB/Oracle.pm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm index 2cbd19a82..83dc3a29a 100644 --- a/Bugzilla/DB/Oracle.pm +++ b/Bugzilla/DB/Oracle.pm @@ -310,8 +310,9 @@ sub adjust_statement { my $has_from = ($part =~ m/\bFROM\b/io) if $is_select; # Oracle recognizes CURRENT_DATE, but not CURRENT_DATE() - $part =~ s/\bCURRENT_DATE\b\(\)/CURRENT_DATE/io; - + # and its CURRENT_DATE is a date+time, so wrap in TRUNC() + $part =~ s/\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/io; + # Oracle use SUBSTR instead of SUBSTRING $part =~ s/\bSUBSTRING\b/SUBSTR/io; @@ -341,7 +342,8 @@ sub adjust_statement { if ($is_select and !$has_from); # Oracle recognizes CURRENT_DATE, but not CURRENT_DATE() - $nonstring =~ s/\bCURRENT_DATE\b\(\)/CURRENT_DATE/io; + # and its CURRENT_DATE is a date+time, so wrap in TRUNC() + $nonstring =~ s/\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/io; # Oracle use SUBSTR instead of SUBSTRING $nonstring =~ s/\bSUBSTRING\b/SUBSTR/io; -- cgit v1.2.3-24-g4f1b 
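Review bot: `get_create_database_sql` interpolates `$name` straight into DDL; it comes from the installation's configuration rather than from a request, but a guard such as `$name =~ /^\w+$/ or die "invalid database name: $name";` (or quoting it as an identifier) keeps the method safe if it is ever reached with other input. `$create_utf8` treats an undefined `utf8` param as "fresh install, use UTF-8", which the comment explains well. The parentheses in `return ("CREATE DATABASE $name $charset");` are unnecessary for a single scalar, and when `$charset` is empty the statement ends in a trailing space — harmless, but `return "CREATE DATABASE $name $charset";` is the conventional form.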
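Review bot: The `CURRENT_DATE` rewrite in `adjust_statement` is not idempotent: a statement that already contains `TRUNC(CURRENT_DATE)` becomes `TRUNC(TRUNC(CURRENT_DATE))` on a second pass, and the same substitution is duplicated in the following hunk for `$nonstring`. A negative lookbehind, `s/(?<!TRUNC\()\bCURRENT_DATE\b(?:\(\))?/TRUNC(CURRENT_DATE)/i`, avoids the double wrap, and hoisting the pattern into one `qr//` shared by both places keeps the two copies from drifting. The `/o` flag does nothing on a pattern without interpolated variables and can go. `adjust_statement` starts before the first hunk and ends after the second.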
From b412d2636fd4997389a5ecad459c2e31adf670fc Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 27 Aug 2012 20:14:49 +0200 Subject: Bug 785917: Custom field descriptions are not properly escaped when displayed as bug list column headers r=glob a=LpSolit --- template/en/default/filterexceptions.pl | 1 - template/en/default/list/table.html.tmpl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 8680573fb..496c60bb6 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -154,7 +154,6 @@ 'list/table.html.tmpl' => [ 'tableheader', 'bug.bug_id', - 'abbrev.$id.title || field_descs.$id || column.title', ], 'list/list.csv.tmpl' => [ diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl index 2b266d4ce..a074fcbd0 100644 --- a/template/en/default/list/table.html.tmpl +++ b/template/en/default/list/table.html.tmpl @@ -133,7 +133,7 @@ [% PROCESS new_order %] [%-#%]&query_based_on= [% defaultsavename OR searchname FILTER uri %]"> - [%- abbrev.$id.title || field_descs.$id || column.title -%] + [%- abbrev.$id.title || field_descs.$id || column.title FILTER html -%] [% PROCESS order_arrow ~%] -- cgit v1.2.3-24-g4f1b From beae46063bcb62deddd6e72c2e34388b3c265da0 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Wed, 29 Aug 2012 00:35:50 +0800 Subject: Bug 772953: Remove the token from buglist urls r=dkl, a=LpSolit --- Bugzilla/CGI.pm | 5 +++++ buglist.cgi | 3 ++- js/custom-search.js | 8 ++++++++ template/en/default/search/search-advanced.html.tmpl | 11 +++++++++-- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 21d4303a8..d0b3f3711 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm 
@@ -169,6 +169,11 @@ sub clean_search_url { # Delete leftovers from the login form $self->delete('Bugzilla_remember', 'GoAheadAndLogIn'); + # Delete the token if we're not updating the defaults + unless (defined $self->param('remtype') && $self->param('remtype') eq 'asdefault') { + $self->delete("token"); + } + foreach my $num (1,2,3) { # If there's no value in the email field, delete the related fields. if (!$self->param("email$num")) { diff --git a/buglist.cgi b/buglist.cgi index b4c322a58..c5c06bdc8 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -1116,7 +1116,8 @@ else { # Set 'urlquerypart' once the buglist ID is known. $vars->{'urlquerypart'} = $params->canonicalise_query('order', 'cmdtype', - 'query_based_on'); + 'query_based_on', + 'token'); if ($format->{'extension'} eq "csv") { # We set CSV files to be downloaded, as they are designed for importing diff --git a/js/custom-search.js b/js/custom-search.js index 0ee7d2488..73897035d 100644 --- a/js/custom-search.js +++ b/js/custom-search.js @@ -146,7 +146,15 @@ function fix_query_string(form_member) { return; var form = YAHOO.util.Dom.getAncestorByTagName(form_member, 'form'); + // Disable the token field so setForm doesn't include it + var reenable_token = false; + if (form['token'] && !form['token'].disabled) { + form['token'].disabled = true; + reenable_token = true; + } var query = YAHOO.util.Connect.setForm(form); + if (reenable_token) + form['token'].disabled = false; window.History.replaceState(null, document.title, '?' + query); } diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl index ef7fa769a..780d54edd 100644 --- a/template/en/default/search/search-advanced.html.tmpl +++ b/template/en/default/search/search-advanced.html.tmpl 
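Review bot: In `fix_query_string`, the token field is re-enabled only on the normal path; if `YAHOO.util.Connect.setForm(form)` throws, the field stays disabled and the next real submission of the form goes out without its token, which the server-side `check_hash_token` would presumably reject. Wrapping the call in `try`/`finally` restores the field in every case. `fix_query_string` starts before the hunk.
```javascript
    var query;
    try {
        query = YAHOO.util.Connect.setForm(form);
    } finally {
        if (reenable_token)
            form['token'].disabled = false;
    }
    window.History.replaceState(null, document.title, '?' + query);
```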
@@ -31,7 +31,13 @@ [% js_data = BLOCK %] -var queryform = "queryform" +var queryform = "queryform"; +function remove_token() { + if (queryform.token) { + var asDefault = document.getElementById('remasdefault'); + queryform.token.disabled = !asDefault.checked; + } +} [% END %] [% PROCESS global/header.html.tmpl @@ -53,7 +59,8 @@ var queryform = "queryform"
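Review bot: `remove_token` reads `queryform.token`, but `queryform` is declared two lines above as the string `"queryform"`, so unless another script rebinds it to the form element the property is undefined and the function never disables the field; the form should be looked up from that name, e.g. `document.forms[queryform]`. `document.getElementById('remasdefault')` is also dereferenced unguarded, so when that checkbox is not rendered the handler would throw. A null-safe version:
```javascript
function remove_token() {
    var form = document.forms[queryform];
    var asDefault = document.getElementById('remasdefault');
    if (form && form.token)
        form.token.disabled = !(asDefault && asDefault.checked);
}
```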

    Hover your mouse over each field label to get help for that field.

    -
    + [% PROCESS search/form.html.tmpl %] -- cgit v1.2.3-24-g4f1b From 7b55436a724b9a65fb5a735cfd8965313e9161e3 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Wed, 29 Aug 2012 12:45:48 +0800 Subject: Fix bustage caused by Bug 772953 --- Bugzilla/CGI.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index d0b3f3711..d58b19088 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -170,7 +170,10 @@ sub clean_search_url { $self->delete('Bugzilla_remember', 'GoAheadAndLogIn'); # Delete the token if we're not updating the defaults - unless (defined $self->param('remtype') && $self->param('remtype') eq 'asdefault') { + unless (defined $self->param('remtype') + && ($self->param('remtype') eq 'asdefault' + || $self->param('remtype') eq 'asnamed')) + { $self->delete("token"); } -- cgit v1.2.3-24-g4f1b From 98954571ac9cdc3d25ae626bde4ef8c1a18b9811 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Wed, 29 Aug 2012 12:59:26 +0800 Subject: Fix more bustage caused by Bug 772953 --- Bugzilla/CGI.pm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index d58b19088..7135f7c48 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -169,10 +169,12 @@ sub clean_search_url { # Delete leftovers from the login form $self->delete('Bugzilla_remember', 'GoAheadAndLogIn'); - # Delete the token if we're not updating the defaults - unless (defined $self->param('remtype') - && ($self->param('remtype') eq 'asdefault' - || $self->param('remtype') eq 'asnamed')) + # Delete the token if we're not performing an action which needs it + unless ((defined $self->param('remtype') + && ($self->param('remtype') eq 'asdefault' + || $self->param('remtype') eq 'asnamed')) + || (defined $self->param('remaction') + && $self->param('remaction') eq 'forget')) { $self->delete("token"); } -- cgit v1.2.3-24-g4f1b From 809817d7d23cbc3fe4f35611d1e9755c750fa4eb Mon Sep 17 00:00:00 2001 
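Review bot: The condition in `clean_search_url` now lists the token-protected actions inline and was corrected twice in this series (first only `asdefault`, then `asnamed`, then `forget`), which suggests the rule should be data rather than a growing boolean; a small hash of `remtype` values plus the one `remaction` case is easier to extend when another action starts requiring a token. Reading each parameter once into a scalar also replaces four separate `param` calls. A comment saying why the token must survive for these actions — the page's buglist.cgi hunk shows `check_hash_token($token, ['searchknob'])` verifying it for `remtype`, and `forget` presumably has a similar check — makes the coupling explicit. This note also covers the two earlier versions of the same hunk in this series; `clean_search_url` starts before the hunk.
```perl
    # Keep the token only for actions that buglist.cgi verifies with
    # check_hash_token(); everything else gets it stripped from the URL.
    my %keeps_token = map { $_ => 1 } qw(asdefault asnamed);
    my $remtype   = $self->param('remtype');
    my $remaction = $self->param('remaction');
    unless ((defined $remtype && $keeps_token{$remtype})
            || (defined $remaction && $remaction eq 'forget'))
    {
        $self->delete("token");
    }
```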
From: Byron Jones Date: Wed, 29 Aug 2012 13:45:37 +0800 Subject: Bug 786310: Remove tokens when saving the default query r= LpSolit, a=LpSolit --- buglist.cgi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buglist.cgi b/buglist.cgi index c5c06bdc8..c941691e2 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -465,6 +465,8 @@ elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) { $user = Bugzilla->login(LOGIN_REQUIRED); my $token = $cgi->param('token'); check_hash_token($token, ['searchknob']); + $buffer = $params->canonicalise_query('cmdtype', 'remtype', + 'query_based_on', 'token'); InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer); $vars->{'message'} = "buglist_new_default_query"; } -- cgit v1.2.3-24-g4f1b From b9a226f01b4ad422d90f8e6ed519f1b271533b33 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 29 Aug 2012 16:36:38 +0200 Subject: Bug 772620: Ignore empty strings in the CC list r=dkl a=LpSolit --- Bugzilla/User.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index f8c490b1a..713de3649 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -1528,6 +1528,8 @@ sub match_field { my @logins; for my $query (@queries) { $query = trim($query); + next if $query eq ''; + my $users = match( $query, # match string $limit, # match limit -- cgit v1.2.3-24-g4f1b From f018846b89955e844b2896ea3d5e2b3e4962cd42 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 30 Aug 2012 00:14:29 +0200 Subject: Bug 786351: Release notes for Bugzilla 4.2.3 r=dkl a=LpSolit --- template/en/default/pages/release-notes.html.tmpl | 41 +++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 11c5d5460..35963148a 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -53,6 +53,44 @@

    Updates in this 4.2.x Release

    +

    4.2.3

    + +

    This release fixes two security issues. See the + Security Advisory + for details.

    + +

    In addition, the following important fixes/changes have been made in this + release:

    + +
      +
    • Attaching a file to [% terms.abug %] was broken due to a change in + Perl 5.16. + ([% terms.Bug %] 771100)
    • +
    • A regression in [% terms.Bugzilla %] 4.2.2 made Oracle crash when + displaying a buglist. + ([% terms.Bug %] 780028)
    • +
    • It was possible to search on history for comments and attachments you + cannot see (though these private comments and attachments are never disclosed). + ([% terms.Bug %] 779709)
    • +
    • PostgreSQL databases could be created with the wrong encoding despite + the utf8 parameter being enabled. + ([% terms.Bug %] 783786)
    • +
    • Scheduled whines could be sent at the wrong time on Oracle. + ([% terms.Bug %] 559539)
    • +
    • Tokens are no longer included in saved queries. + ([% terms.Bug %] 772953)
    • +
    • An admin could unintentionally break the display of buglists if a custom + field description contains a < or > character, because these characters + were not filtered. + ([% terms.Bug %] 785917)
    • +
    • Adding or removing a DB column in Oracle didn't handle SERIAL columns + correctly. + ([% terms.Bug %] 731156)
    • +
    • A minor CSRF vulnerability in token.cgi allowed possible unauthorized + password reset e-mail requests. + ([% terms.Bug %] 706271)
    • +
    +

    4.2.2

    This release fixes two security issues. See the @@ -432,6 +470,9 @@ [%- terms.Bug %] 584742: When viewing [% terms.abug %], WebKit-based browsers can automatically reset a field's selected value when the field has disabled values. +

  • + [%- terms.Bug %] 780053: Oracle crashes when listing keywords, tags + or flags in buglists.
  • -- cgit v1.2.3-24-g4f1b From 971c0a4fe0e1e88ad35f041254101cfcaadfc723 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 30 Aug 2012 00:47:11 +0200 Subject: Bug 731156: [Oracle] Adding or removing a DB column does not handle SERIAL correctly r=dkl a=LpSolit --- Bugzilla/DB/Oracle.pm | 62 +++++++++++++++++++++++++++++++++--------- Bugzilla/DB/Schema/Oracle.pm | 64 +++++++++++++++++++++++++++++++++----------- 2 files changed, 97 insertions(+), 29 deletions(-) diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm index 83dc3a29a..da263e084 100644 --- a/Bugzilla/DB/Oracle.pm +++ b/Bugzilla/DB/Oracle.pm @@ -637,11 +637,25 @@ sub bz_setup_database { $self->SUPER::bz_setup_database(@_); + my $sth = $self->prepare("SELECT OBJECT_NAME FROM USER_OBJECTS WHERE OBJECT_NAME = ?"); my @tables = $self->bz_table_list_real(); + foreach my $table (@tables) { my @columns = $self->bz_table_columns_real($table); foreach my $column (@columns) { my $def = $self->bz_column_info($table, $column); + # bz_add_column() before Bugzilla 4.2.3 didn't handle primary keys + # correctly (bug 731156). We have to add missing sequences and + # triggers ourselves. + if ($def->{TYPE} =~ /SERIAL/i) { + my $sequence = "${table}_${column}_SEQ"; + my $exists = $self->selectrow_array($sth, undef, $sequence); + if (!$exists) { + my @sql = $self->_get_create_seq_ddl($table, $column); + $self->do($_) foreach @sql; + } + } + if ($def->{REFERENCES}) { my $references = $def->{REFERENCES}; my $update = $references->{UPDATE} || 'CASCADE'; 
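Review bot: The sequence existence check in `bz_setup_database` passes `"${table}_${column}_SEQ"` with the table and column in their original (lower) case, whereas the trigger lookups in the same routine upper-case the name first (`uc($fk_name . "_UC")`); Oracle stores unquoted identifiers in upper case, so the `USER_OBJECTS.OBJECT_NAME` comparison would presumably never match and `CREATE SEQUENCE` would be re-attempted — and fail on the existing object — on every run after the first. `my $sequence = uc("${table}_${column}_SEQ");` aligns it with the trigger checks. `$self->selectrow_array($sth, undef, $sequence)` with a prepared handle is fine, and preparing it once before the loop is the right place for it. `bz_setup_database` continues past the hunk.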
@@ -655,15 +669,13 @@ sub bz_setup_database { $to_table = 'tag'; } if ( $update =~ /CASCADE/i ){ - my $trigger_name = uc($fk_name . "_UC"); - my $exist_trigger = $self->selectcol_arrayref( - "SELECT OBJECT_NAME FROM USER_OBJECTS - WHERE OBJECT_NAME = ?", undef, $trigger_name); + my $trigger_name = uc($fk_name . "_UC"); + my $exist_trigger = $self->selectcol_arrayref($sth, undef, $trigger_name); if(@$exist_trigger) { $self->do("DROP TRIGGER $trigger_name"); } - my $tr_str = "CREATE OR REPLACE TRIGGER $trigger_name" + my $tr_str = "CREATE OR REPLACE TRIGGER $trigger_name" . " AFTER UPDATE OF $to_column ON $to_table " . " REFERENCING " . " NEW AS NEW " 
@@ -674,22 +686,46 @@ sub bz_setup_database { . " SET $column = :NEW.$to_column" . " WHERE $column = :OLD.$to_column;" . " END $trigger_name;"; - $self->do($tr_str); - } - } - } - } + $self->do($tr_str); + } + } + } + } # Drop the trigger which causes bug 541553 my $trigger_name = "PRODUCTS_MILESTONEURL"; - my $exist_trigger = $self->selectcol_arrayref( - "SELECT OBJECT_NAME FROM USER_OBJECTS - WHERE OBJECT_NAME = ?", undef, $trigger_name); + my $exist_trigger = $self->selectcol_arrayref($sth, undef, $trigger_name); if(@$exist_trigger) { $self->do("DROP TRIGGER $trigger_name"); } } +# These two methods have been copied from Bugzilla::DB::Schema::Oracle. +sub _get_create_seq_ddl { + my ($self, $table, $column) = @_; + + my $seq_name = "${table}_${column}_SEQ"; + my $seq_sql = "CREATE SEQUENCE $seq_name INCREMENT BY 1 START WITH 1 " . + "NOMAXVALUE NOCYCLE NOCACHE"; + my $trigger_sql = $self->_get_create_trigger_ddl($table, $column, $seq_name); + return ($seq_sql, $trigger_sql); +} + +sub _get_create_trigger_ddl { + my ($self, $table, $column, $seq_name) = @_; + + my $trigger_sql = "CREATE OR REPLACE TRIGGER ${table}_${column}_TR " + . " BEFORE INSERT ON $table " + . " FOR EACH ROW " + . " BEGIN " + . " SELECT ${seq_name}.NEXTVAL " + . " INTO :NEW.$column FROM DUAL; " + . " END;"; + return $trigger_sql; +} + +############################################################################ + package Bugzilla::DB::Oracle::st; use base qw(DBI::st); diff --git a/Bugzilla/DB/Schema/Oracle.pm b/Bugzilla/DB/Schema/Oracle.pm index f2d5b8be0..9fafc4515 100644 --- a/Bugzilla/DB/Schema/Oracle.pm +++ b/Bugzilla/DB/Schema/Oracle.pm 
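Review bot: `_get_create_seq_ddl` and `_get_create_trigger_ddl` are, as the comment says, copies of the Bugzilla::DB::Schema::Oracle methods, so the sequence and trigger naming (`${table}_${column}_SEQ`, `${table}_${column}_TR`) now lives in two places and can drift; if the schema object is reachable here (Bugzilla::DB exposes it as `_bz_schema`), `$self->_bz_schema->_get_create_seq_ddl($table, $column)` would keep a single copy, otherwise the comment should at least name the original location so both are edited together. The re-indentation of the foreign-key trigger block mixed into this hunk makes the functional change harder to see; a separate whitespace-only change would have been cleaner. `bz_setup_database` starts before the hunk.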
@@ -199,6 +199,31 @@ sub _get_fk_name { return $fk_name; } +sub get_add_column_ddl { + my $self = shift; + my ($table, $column, $definition, $init_value) = @_; + my @sql; + + # Create sequences and triggers to emulate SERIAL datatypes. + if ($definition->{TYPE} =~ /SERIAL/i) { + # Clone the definition to not alter the original one. + my %def = %$definition; + # Oracle requires to define the column is several steps. + my $pk = delete $def{PRIMARYKEY}; + my $notnull = delete $def{NOTNULL}; + @sql = $self->SUPER::get_add_column_ddl($table, $column, \%def, $init_value); + push(@sql, $self->_get_create_seq_ddl($table, $column)); + push(@sql, "UPDATE $table SET $column = ${table}_${column}_SEQ.NEXTVAL"); + push(@sql, "ALTER TABLE $table MODIFY $column NOT NULL") if $notnull; + push(@sql, "ALTER TABLE $table ADD PRIMARY KEY ($column)") if $pk; + } + else { + @sql = $self->SUPER::get_add_column_ddl(@_); + } + + return @sql; +} + sub get_alter_column_ddl { my ($self, $table, $column, $new_def, $set_nulls_to) = @_; @@ -364,6 +389,29 @@ sub get_rename_column_ddl { return @sql; } +sub get_drop_column_ddl { + my $self = shift; + my ($table, $column) = @_; + my @sql; + push(@sql, $self->SUPER::get_drop_column_ddl(@_)); + my $dbh=Bugzilla->dbh; + my $trigger_name = uc($table . "_" . $column); + my $exist_trigger = $dbh->selectcol_arrayref( + "SELECT OBJECT_NAME FROM USER_OBJECTS + WHERE OBJECT_NAME = ?", undef, $trigger_name); + if(@$exist_trigger) { + push(@sql, "DROP TRIGGER $trigger_name"); + } + # If this column is of type SERIAL, we need to drop the sequence + # and trigger that went along with it. + my $def = $self->get_column_abstract($table, $column); + if ($def->{TYPE} =~ /SERIAL/i) { + push(@sql, "DROP SEQUENCE ${table}_${column}_SEQ"); + push(@sql, "DROP TRIGGER ${table}_${column}_TR"); + } + return @sql; +} + sub get_rename_table_sql { my ($self, $old_name, $new_name) = @_; if (lc($old_name) eq lc($new_name)) { 
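Review bot: In the SERIAL branch of `get_add_column_ddl`, `$init_value` is still handed to the parent class although the following `UPDATE $table SET $column = ${table}_${column}_SEQ.NEXTVAL` immediately overwrites every row with sequence values, so the parameter is silently ignored for SERIAL columns; either document that (`# $init_value is superseded by the sequence for SERIAL columns.`) or pass `undef` to make it visible. The comment `# Oracle requires to define the column is several steps.` reads better as `in several steps`. Cloning the definition with `my %def = %$definition;` before deleting `PRIMARYKEY` and `NOTNULL` is the right call, since the caller's hash is left intact.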
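Review bot: `get_drop_column_ddl` drops `${table}_${column}_SEQ` and `${table}_${column}_TR` unconditionally for SERIAL columns, while the `${table}_${column}` trigger just above is dropped only after an existence check; the `bz_setup_database` change in this same commit exists precisely because some installations lack those sequences, so the unconditional drop could fail on exactly those installations. Guarding both with the same `USER_OBJECTS` query (with `uc(...)` on the name, as Oracle folds unquoted identifiers to upper case) would be consistent with the trigger check. `Bugzilla->dbh` used from inside a Schema object ties DDL generation to a live connection; that was already the case before the method was moved, so it is not new here.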
@@ -465,20 +513,4 @@ sub get_set_serial_sql { return @sql; } -sub get_drop_column_ddl { - my $self = shift; - my ($table, $column) = @_; - my @sql; - push(@sql, $self->SUPER::get_drop_column_ddl(@_)); - my $dbh=Bugzilla->dbh; - my $trigger_name = uc($table . "_" . $column); - my $exist_trigger = $dbh->selectcol_arrayref( - "SELECT OBJECT_NAME FROM USER_OBJECTS - WHERE OBJECT_NAME = ?", undef, $trigger_name); - if(@$exist_trigger) { - push(@sql, "DROP TRIGGER $trigger_name"); - } - return @sql; -} - 1; -- cgit v1.2.3-24-g4f1b From 2d212c52ae394a18286e68ed81e7654c0fb7e3af Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 30 Aug 2012 20:16:58 +0200 Subject: Bug 785522: [SECURITY] Block access to templates in extensions/ r=glob a=LpSolit --- .htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.htaccess b/.htaccess index 4b06fe9a9..c16ee19af 100644 --- a/.htaccess +++ b/.htaccess @@ -1,5 +1,5 @@ # Don't allow people to retrieve non-cgi executable files or our private data - + deny from all -- cgit v1.2.3-24-g4f1b From 0c29bd76219ab35494f7cc202ffa071bc5006881 Mon Sep 17 00:00:00 2001 From: Reed Loden Date: Thu, 30 Aug 2012 20:27:36 +0200 Subject: Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection r/a=LpSolit --- Bugzilla/Auth/Verify/LDAP.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm index cdc802ca0..0f10f9fbf 100644 --- a/Bugzilla/Auth/Verify/LDAP.pm +++ b/Bugzilla/Auth/Verify/LDAP.pm @@ -41,6 +41,7 @@ use Bugzilla::User; use Bugzilla::Util; use Net::LDAP; +use Net::LDAP::Util qw(escape_filter_value); use constant admin_can_create_account => 0; use constant user_can_create_account => 0; 
@@ -144,6 +145,7 @@ sub check_credentials { sub _bz_search_params { my ($username) = @_; + $username = escape_filter_value($username); return (base => Bugzilla->params->{"LDAPBaseDN"}, scope => "sub", filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"} -- cgit v1.2.3-24-g4f1b From f3252f4a9c1d3d6d6dd394d52c0f5a0c25fcd308 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Thu, 30 Aug 2012 15:02:10 -0400 Subject: Bump version to 4.2.3 --- Bugzilla/Constants.pm | 2 +- docs/en/xml/Bugzilla-Guide.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index cffb895cf..b8b97411f 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.2+"; +use constant BUGZILLA_VERSION => "4.2.3"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index d00055aa9..1ed72f64a 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -32,9 +32,9 @@ For a devel release, simple bump bz-ver and bz-date --> - + - + -- cgit v1.2.3-24-g4f1b From 8714b6e62007c8de816a0b7f4e053e25c6de31c8 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Thu, 30 Aug 2012 16:24:38 -0400 Subject: Bumped version post-release --- Bugzilla/Constants.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index b8b97411f..b804372f1 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm 
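Review bot: `escape_filter_value` now covers the one place the login name enters the search filter, but only that place: if `$username` is also interpolated into a DN elsewhere in `check_credentials` (outside this hunk), DN escaping follows different rules and needs `Net::LDAP::Util::escape_dn_value`, so that path deserves the same review. A comment on the new line would record why it exists: `# Escape filter metacharacters so the login name is matched literally (CVE-2012-3981).` The `LDAPuidattribute` parameter concatenated on the next line is administrator-controlled and not escaped, which is fine as long as it stays a bare attribute name.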
@@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.3"; +use constant BUGZILLA_VERSION => "4.2.3+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; -- cgit v1.2.3-24-g4f1b