Bug 84709 - ui.admin.UserForm forms filter incorrectly, causing edit of users with negative userIDs to fail
Summary: ui.admin.UserForm forms filter incorrectly, causing edit of users with negati...
Alias: None
Product: Red Hat Web Application Framework
Classification: Retired
Component: ui
Version: nightly
Hardware: powerpc
OS: Linux
Target Milestone: ---
Assignee: Richard Li
QA Contact: Jon Orris
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-20 20:18 UTC by Oliver Stewart
Modified: 2007-04-18 16:51 UTC (History)
0 users

Fixed In Version: @27513
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-08-01 14:37:19 UTC

Attachments (Terms of Use)

Description Oliver Stewart 2003-02-20 20:18:56 UTC
Description of problem:
At com.arsdigita.ui.admin.UserForm.java:258:
            query.addFilter("userID != " + userID);

addFilter is called by appending a string from a request parameter.  This fails
for negative numbers, because the negative sign is interpreted as part of the
'!=' operator (i.e. as '!=-').  userID should be passed to the filter using a
bind variable:
Filter filter = query.addFilter("userID != :userID");
filter.set("userID", userID);

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Login as the administrator user
2. Navigate to the admin UI (<site_root>/admin/)
3. Browse Users
4. Select a User with a negative User ID
5. Click Edit User
6. Modify an attribute, and click Save

The error occurs.
Actual results:
A PersistenceException is thrown.

Expected results:
The user information should be modified.

Comment 1 Richard Li 2003-02-20 21:20:54 UTC
You get +2 karma for the catch.

[16:15] <richardl_home> ccmbot: rank ostewart
[16:15] <ccmbot> ostewart has 2 points of karma (rank 243).

Comment 2 Richard Li 2003-02-20 21:29:28 UTC
Fixed @27513. Should show up in the nightlies.

Note You need to log in before you can comment on or make changes to this bug.