Description of problem: Checking input on Search (Days Since Last Checked-in & Days Since First Registered) does not detect "<3" as incorrect input and returns ISE. Other toxic characters that can sneak behind detection are ">{}()", (they have to be used in conjunction with number). Also, parameters passed trough GET are not checked and leads to ISE even in cases they would be rejected if submitted by POST. Version-Release number of selected component (if applicable): Spacewalk 1.7, Nightly How reproducible: always/deterministic Steps to Reproduce: 1. Go to Search 2. Pick "Days Since Last Checked-in" (or "Days Since First Registered") 3. Use "<3" as search term. Actual results: System is crushed (ISE) under weight of your feelings. Expected results: System should explain to you, that your feelings are inappropriate, or that this field is not meant for you to express them. Additional info: This is not a regression. Side effect of system's hurt feelings is NumberFormatException in catalina.out: > 2012-03-19 10:22:20,058 [TP-Processor8] ERROR com.redhat.rhn.frontend.servlets.SessionFilter - Error during transaction. Rolling back > javax.servlet.ServletException: java.lang.NumberFormatException: For input string: "<3" > at org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:520) ... > Caused by: java.lang.NumberFormatException: For input string: "<3" > at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) > at java.lang.Integer.parseInt(Integer.java:481) ...
spacewalk.git: bcc055b02eb13c7ac5d38cdb7a2b5f1be52df8db
This is Spacewalk bugzilla -- could we have it public?
Moving ON_QA. Packages that address this bugzilla should now be available in yum repos at http://yum.spacewalkproject.org/nightly/
Spacewalk 1.8 has been released: https://fedorahosted.org/spacewalk/wiki/ReleaseNotes18