Description of problem:
While troubleshooting customer issue, it's found that if you schedule a config file deployment which fails, attempting to go to the event details for that failed deployment via System Details -> Configuration, "Configuration Overview" section "Recent Events", (e.g., https://sample.com/rhn/systems/details/configuration/Overview.do?sid=SYSTEMID), you'll find clicking on "View Details" link in "Last Configuration Deployment: All file and/or directory (1 file and 0 directories) deployments failed. [View Details] " gives a 500 Internal Server Error with the following traceback in httpd error logs:
==> /var/log/httpd/error_log <==
[Mon Aug 11 21:37:04 2008] [error] Access to formvar 'sid' not allowed: formvar not cleansed - PXT::Request, /usr/lib/perl5/site_perl/5.8.5/PXT/Request.pm, 337 at /usr/lib/perl5/site_perl/5.8.5/PXT/Request.pm line 297.
[Mon Aug 11 21:37:04 2008] [error] Traceback sent to email@example.com at /usr/lib/perl5/site_perl/5.8.5/PXT/ApacheHandler.pm line 718.
==> /var/log/httpd/ssl_error_log <==
[Mon Aug 11 21:22:56 2008] [error] [client 10.14.51.44] RHN::Exception: DBD::Oracle::st execute failed: ORA-06502: PL/SQL: numeric or value error: character to number conversion error\nORA-06512: at line 2 (DBD ERROR: OCIStmtExecute) [for Statement "BEGIN\n :ret := rhn_server.check_user_access(:p1, :p2);\nEND;" with ParamValues: :ret=undef, :p1='1000010086"', :p2="1"]\n RHN::DB /usr/lib/perl5/site_perl/5.8.5/RHN/DB.pm 226 RHN::Exception::DB::throw\n RHN::DB::db /usr/lib/perl5/site_perl/5.8.5/RHN/DB.pm 484 RHN::DB::handle_error\n RHN::DB::User /usr/lib/perl5/site_perl/5.8.5/RHN/DB/User.pm 1372 RHN::DB::db::call_function\n RHN::DB::User /usr/lib/perl5/site_perl/5.8.5/RHN/DB/User.pm 1297 RHN::DB::User::verify_permission_function_helper\n RHN::Cleansers /usr/lib/perl5/site_perl/5.8.5/RHN/Cleansers.pm 175 RHN::DB::User::verify_system_access\n RHN::Cleansers /usr/lib/perl5/site_perl/5.8.5/RHN/Cleansers.pm 144 RHN::Cleansers::check_param\n PXT::Request /usr/lib/perl5/site_perl/5.8.5/PXT/Request.pm 261 RHN::Cleansers::cleanse\n PXT::ApacheHandler /usr/lib/perl5/site_perl/5.8.5/PXT/ApacheHandler.pm 442 PXT::Request::cleanse_params\n PXT::ApacheHandler /usr/lib/perl5/site_perl/5.8.5/PXT/ApacheHandler.pm 442 (eval)\n PXT::ApacheAuth /usr/lib/perl5/site_perl/5.8.5/PXT/ApacheAuth.pm 23 PXT::ApacheHandler::initialize_pxt\n main -e 0 PXT::ApacheAuth::handler\n main -e 0 (eval)\n
This is b/c the "View Details" link has an extra " at the end of the href, so link target becomes https://sample.com/network/systems/details/history/event.pxt?hid=1017&sid=1000010086%22 as opposed to https://sample.com/network/systems/details/history/event.pxt?hid=1017&sid=1000010086
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Schedule a config file deployment that's doomed to fail, and run rhn_check on target system so it'll pick up the event.
2. Go to System Details -> Configuration, "Configuration Overview" section "Recent Events", (e.g., https://sample.com/rhn/systems/details/configuration/Overview.do?sid=SYSTEMID), and click on "View Details" link in "Last Configuration Deployment: All file and/or directory (1 file and 0 directories) deployments failed. [View Details] ".
3. Check in the url field in browser, and see the double-quote at the end of the url, delete that from url and the page should work.
500 Internal Server Error
Takes you to event details page with no error.
Internal reproducer info & problematic code to follow.
Adding to Sep Customer backlog tracking bug.
No error, page loaded.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.