690874 – Bugzilla shows Software error if I execute a queary and I'm not logged in

Bug 690874 - Bugzilla shows Software error if I execute a queary and I'm not logged in

Summary: Bugzilla shows Software error if I execute a queary and I'm not logged in

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Bugzilla
Classification:	Community
Component:	User Interface
Sub Component:
Version:	3.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium vote
Target Milestone:	---
Assignee:	Simon Green
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-25 16:39 UTC by Miroslav Vadkerti
Modified:	2014-10-12 22:46 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-07-17 23:18:22 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Miroslav Vadkerti 2011-03-25 16:39:18 UTC

Description of problem:
When I execute this query and I'm not logged in I get this error:
https://bugzilla.redhat.com/buglist.cgi?type3-0-3=substring&type1-0-0=anywordssubstr&keywords=ZStream%20Tracking&keywords_type=nowords&value3-0-3=High&type3-0-0=substring&field0-0-0=flagtypes.name&value3-0-0=FutureFeature&value2-0-0=SanityOnly&field3-0-2=priority&type3-0-2=substring&field2-0-0=cf_verified&classification=Red%20Hat&field3-0-1=target_milestone&field3-0-0=keywords&field3-0-3=priority&type2-0-0=notsubstring&query_format=advanced&value1-0-0=qe-baseos-security%2Cebenes%2Cmmalik%2Cksrot%2Cmnowak%2Czmraz%2Cmvadkert%2Camarecek%2Comoris&bug_status=ON_QA&value3-0-2=Urgent&value3-0-1=beta&type0-0-0=substring&type3-0-1=substring&value0-0-0=rhel-6.1.0%2B&field1-0-0=qa_contact&product=Red%20Hat%20Enterprise%20Linux%206

The problem is the field2-0-0=cf_verified. When I remove it the query works

The error message
DBD::mysql::st execute failed: Unknown column 'bugs.cf_verified' in 'where clause' [for Statement "SELECT bugs.bug_id AS bug_id, bugs.bug_severity AS bug_severity, bugs.priority AS priority, bugs.bug_status AS bug_status, bugs.resolution AS resolution, map_products.name AS product, bugs.op_sys AS op_sys, map_assigned_to.realname AS assigned_to, bugs.short_desc AS short_desc, map_components.name AS component FROM bugs  INNER JOIN profiles AS map_assigned_to ON (bugs.assigned_to = map_assigned_to.userid) INNER JOIN products AS map_products ON (bugs.product_id = map_products.id) AND (bugs.product_id = map_products.id) INNER JOIN components AS map_components ON (bugs.component_id = map_components.id) LEFT JOIN flags AS flags_0 ON (bugs.bug_id = flags_0.bug_id ) LEFT JOIN flagtypes AS flagtypes_0 ON (flags_0.type_id = flagtypes_0.id) LEFT JOIN profiles AS map_qa_contact ON (bugs.qa_contact = map_qa_contact.userid) LEFT JOIN keywords AS keywords_3 ON (keywords_3.bug_id = bugs.bug_id) LEFT JOIN keyworddefs AS keyworddefs_3 ON (keyworddefs_3.id = keywords_3.keywordid) LEFT JOIN bug_status ON (bug_status.value = bugs.bug_status) LEFT JOIN priority ON (priority.value = bugs.priority) LEFT JOIN bug_group_map  ON bug_group_map.bug_id = bugs.bug_id  WHERE ((bugs.bug_id NOT IN (SELECT bug_id FROM keywords LEFT JOIN keyworddefs ON keywords.keywordid = keyworddefs.id WHERE keyworddefs.name REGEXP '(^|[^a-z0-9])zstream($|[^a-z0-9])' OR keyworddefs.name REGEXP '(^|[^a-z0-9])tracking($|[^a-z0-9])')) AND ( map_products.classification_id IN (1) ) AND ( bugs.bug_status IN ('ON_QA') ) AND ( bugs.product_id IN (151) )) AND ((INSTR(CONCAT(flagtypes_0.name, flags_0.status), 'rhel-6.1.0+') > 0)) AND ((INSTR(COALESCE(map_qa_contact.login_name,''), 'qe-baseos-security') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'ebenes') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'mmalik') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'ksrot') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'mnowak') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'zmraz') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'mvadkert') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'amarecek') > 0 OR INSTR(COALESCE(map_qa_contact.login_name,''), 'omoris') > 0)) AND ((INSTR(bugs.cf_verified, 'SanityOnly') = 0)) AND (((INSTR(keyworddefs_3.name, 'FutureFeature') > 0) OR (INSTR(bugs.target_milestone, 'beta') > 0) OR (INSTR(bugs.priority, 'Urgent') > 0) OR (INSTR(bugs.priority, 'High') > 0))) AND bugs.creation_ts IS NOT NULL AND ((bug_group_map.group_id IS NULL) OR (bug_group_map.group_id IN (-1))) GROUP BY bugs.bug_id ORDER BY component,bug_status.sortkey,bug_status.value,priority.sortkey,priority.value,assigned_to,bug_id"] at Bugzilla/DB.pm line 1095
	Bugzilla::DB::__ANON__() called at /usr/lib/perl5/vendor_perl/5.8.8/DBIx/Timeout.pm line 31
	eval {...} called at /usr/lib/perl5/vendor_perl/5.8.8/DBIx/Timeout.pm line 31
	DBIx::Timeout::call_with_timeout('undef', 'dbh', 'Bugzilla::DB::Mysql=HASH(0x1afefb60)', 'code', 'CODE(0x1aff2b40)', 'timeout', 118) called at Bugzilla/DB.pm line 1096
	Bugzilla::DB::bz_call_with_timeout('Bugzilla::DB::Mysql=HASH(0x1afefb60)', 'DBI::st=HASH(0x1aff2b00)') called at /var/www/html/bugzilla/buglist.cgi line 960


Version-Release number of selected component (if applicable):
version 3.6.3+

How reproducible:
100%

Steps to Reproduce:
1. Logout from bugzilla
2. execute query in desc
  
Actual results:
Error 

Expected results:
Permission denied

Additional info:

Note You need to log in before you can comment on or make changes to this bug.