Bug 520646 - Exception thrown when Query Revision History form is loaded
Summary: Exception thrown when Query Revision History form is loaded
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: viewvc
Version: el5
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Bojan Smojver
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-01 15:09 UTC by Steven Côté
Modified: 2009-09-26 01:27 UTC (History)
1 user (show)

Fixed In Version: 1.1.2-2.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-26 01:27:26 UTC


Attachments (Terms of Use)

Description Steven Côté 2009-09-01 15:09:55 UTC
Description of problem:

Attempting to use the Query Revision History form when a branch is already selected results in an exception being thrown.

Version-Release number of selected component (if applicable):

viewvc-1.0.9-1.el5

How reproducible:

Always

Steps to Reproduce:
1. View the index of any repository
2. Select a specific branch
3. Click on the "Query revision hostory" link.
  
Actual results:
An exception is thrown with the message

An Exception Has Occurred

An illegal value was provided for the "branch" parameter.
HTTP Response Status

400 Bad Request


Additional info:
A quick inspection of the source reveals that the validation function _validate_regex (in /usr/lib/python2.4/site-packages/viewvc/lib/viewvc.py:629) is the function used to inspect the branch parameter (amongst others) and it does not return a value. Thus, when the branch parameter is inspected, all values fail validation and the exception is thrown.

Replacing the pass statement on line 635 with "return True" (thus validating values) fixes the problem, although is probably not an ideal solution, since it opens the door to all kinds of CSS attacks that the 1.09 version was trying to fix.

This bug is really an upstream problem, but I couldn't wrap my head around their bug system, so I'm reporting it here. Hopefully someone more clever than me can push it up stream or at the very least add a patch to the rpm so that it works on our systems.

Comment 1 Bojan Smojver 2009-09-02 03:18:41 UTC
I'm thinking, maybe we should ditch the whole 1.0.x thing and just go to 1.1.x.

Comment 2 Steven Côté 2009-09-02 16:16:36 UTC
That works for me. It might be worth double-checking that this bug didn't creep into 1.1 as well. I'm not sure, but by the commits, it looks like this bug was introduced while backporting a security fix, so it might be in the 1.1 stream as well.

Comment 3 Fedora Update System 2009-09-04 06:49:01 UTC
viewvc-1.1.2-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/viewvc-1.1.2-1.el5

Comment 4 Fedora Update System 2009-09-08 23:00:32 UTC
viewvc-1.1.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update viewvc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0407

Comment 5 Steven Côté 2009-09-09 10:28:19 UTC
Bad news, the same bug appears in this new version of viewvc although the work around in the description still works.

Comment 6 Bojan Smojver 2009-09-09 11:06:27 UTC
I think we'll need to report all this upstream, like you suggested before.

Comment 7 Steven Côté 2009-09-09 12:25:26 UTC
Reported upstream:

http://viewvc.tigris.org/issues/show_bug.cgi?id=426

Comment 8 Bojan Smojver 2009-09-09 23:21:56 UTC
Excellent, thank you! I guess we'll just wait for 1.1.3, right?

Comment 9 Steven Côté 2009-09-09 23:55:20 UTC
How weird, someone reported the exact same issue moments after I did. I had just assumed it was you, but it's a completely different name.

The patch has been commited, so it will be available in the next release.

Comment 10 Bojan Smojver 2009-09-09 23:57:16 UTC
Yeah, I've seen that. It wasn't me. Anyhow, the important bit is that the issue will be fixed with the next release.

Comment 11 Fedora Update System 2009-09-23 19:00:51 UTC
viewvc-1.1.2-2.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update viewvc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0407

Comment 12 Steven Côté 2009-09-25 08:53:29 UTC
This latest fix resolves the error. I'm happy to have this bug marked resolved.

Comment 13 Fedora Update System 2009-09-26 01:27:21 UTC
viewvc-1.1.2-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.