Red Hat Bugzilla – Bug 1248271
Task search not properly validating input, throws SQL error
Last modified: 2017-03-21 17:12:35 EDT
Description of problem:
Depending on expected inputs, a user can get a SQL error thrown on Tasks when providing the wrong input type.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create admin user named 'mmccune'
2. Using 'mmccune', perform a variety of tasks.
3. Monitor > Tasks
4. In the search filter, search for owner.id = mmccune (note that this is incorrect; id is expecting an integer)
PGError: ERROR: invalid input syntax for integer: "mmccune" LINE 4: ...) WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')... ^ : SELECT "foreman_tasks_tasks".* FROM "foreman_tasks_tasks" INNER JOIN foreman_tasks_locks AS foreman_tasks_locks_owner ON (foreman_tasks_locks_owner.task_id = foreman_tasks_tasks.id AND foreman_tasks_locks_owner.resource_type = 'User' AND foreman_tasks_locks_owner.name = 'task_owner') WHERE ((foreman_tasks_locks_owner.resource_id = 'mmccune')) ORDER BY "foreman_tasks_tasks"."started_at" DESC NULLS LAST LIMIT 20 OFFSET 0
Proper handling of incorrect inputs.
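One way to get the handling asked for above is to check each search value against the type its field expects before any SQL is built, so a bad value produces a validation message instead of a PGError. This is an added example, not Foreman or scoped_search code: the field table, method names and the owner.login field are assumptions; only the resource_id column name comes from the query in the report.

```ruby
# Added example: hypothetical names throughout; not Foreman or scoped_search code.
class SearchInputError < StandardError; end

# Range of PostgreSQL's 4-byte "integer" type named in the error message.
PG_INTEGER = (-2_147_483_648..2_147_483_647).freeze

# Searchable fields mapped to the column they filter on and its expected type.
SEARCH_FIELDS = {
  'owner.id'    => { column: 'foreman_tasks_locks_owner.resource_id', type: :integer },
  'owner.login' => { column: 'users.login', type: :string } # constructed field
}.freeze

# Coerce a raw value to the field's type, or reject it before the query is built.
def coerce_value(field, raw, type)
  return raw if type == :string

  # Strict base-10 match: rejects "mmccune", "12abc", "0x1f", "1_000" and "".
  unless raw.match?(/\A-?\d+\z/)
    raise SearchInputError, "#{field} expects an integer, got #{raw.inspect}"
  end
  number = Integer(raw, 10)
  # Digits alone are not enough: an oversized value also fails in the database.
  raise SearchInputError, "#{field} is out of range" unless PG_INTEGER.cover?(number)

  number
end

# Turn "field = value" into a parameterized condition: [sql_fragment, binds].
def build_condition(filter)
  match = /\A\s*([\w.]+)\s*=\s*(.*?)\s*\z/.match(filter)
  raise SearchInputError, "unparseable filter: #{filter.inspect}" unless match

  field = match[1]
  spec = SEARCH_FIELDS[field]
  raise SearchInputError, "unknown search field: #{field}" unless spec

  ["#{spec[:column]} = ?", [coerce_value(field, match[2], spec[:type])]]
end

# Return a user-facing message (nil when valid) instead of a database error.
def search_error_for(filter)
  build_condition(filter)
  nil
rescue SearchInputError => e
  e.message
end
```

The value travels as a bind parameter in both the valid and the rejected case, so the type check improves error handling without becoming the only barrier between user input and the SQL text.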
Created redmine issue http://projects.theforeman.org/issues/15922 from this bug
Moving 6.2 bugs out to sat-backlog.
Upstream bug assigned to email@example.com
There is an upstream issue opened for this. We will no longer be tracking this downstream. If you believe this was closed in error, please feel free to re-open with additional information.