Description of problem: Attempting to use the Query Revision History form when a branch is already selected results in an exception being thrown. Version-Release number of selected component (if applicable): viewvc-1.0.9-1.el5 How reproducible: Always Steps to Reproduce: 1. View the index of any repository 2. Select a specific branch 3. Click on the "Query revision hostory" link. Actual results: An exception is thrown with the message An Exception Has Occurred An illegal value was provided for the "branch" parameter. HTTP Response Status 400 Bad Request Additional info: A quick inspection of the source reveals that the validation function _validate_regex (in /usr/lib/python2.4/site-packages/viewvc/lib/viewvc.py:629) is the function used to inspect the branch parameter (amongst others) and it does not return a value. Thus, when the branch parameter is inspected, all values fail validation and the exception is thrown. Replacing the pass statement on line 635 with "return True" (thus validating values) fixes the problem, although is probably not an ideal solution, since it opens the door to all kinds of CSS attacks that the 1.09 version was trying to fix. This bug is really an upstream problem, but I couldn't wrap my head around their bug system, so I'm reporting it here. Hopefully someone more clever than me can push it up stream or at the very least add a patch to the rpm so that it works on our systems.
I'm thinking, maybe we should ditch the whole 1.0.x thing and just go to 1.1.x.
That works for me. It might be worth double-checking that this bug didn't creep into 1.1 as well. I'm not sure, but by the commits, it looks like this bug was introduced while backporting a security fix, so it might be in the 1.1 stream as well.
viewvc-1.1.2-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/viewvc-1.1.2-1.el5
viewvc-1.1.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update viewvc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0407
Bad news, the same bug appears in this new version of viewvc although the work around in the description still works.
I think we'll need to report all this upstream, like you suggested before.
Reported upstream: http://viewvc.tigris.org/issues/show_bug.cgi?id=426
Excellent, thank you! I guess we'll just wait for 1.1.3, right?
How weird, someone reported the exact same issue moments after I did. I had just assumed it was you, but it's a completely different name. The patch has been commited, so it will be available in the next release.
Yeah, I've seen that. It wasn't me. Anyhow, the important bit is that the issue will be fixed with the next release.
viewvc-1.1.2-2.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update viewvc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0407
This latest fix resolves the error. I'm happy to have this bug marked resolved.
viewvc-1.1.2-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.