• Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category Backend/Core
  • Assigned To
  • Operating System All
  • Severity Medium
  • Priority Medium
  • Reported Version 1.0-rc7
  • Due in Version 1.0
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: Flyspray
Opened by lynxis - 01.11.2018
Last edited by peterdd - 24.01.2019

FS#2523 - tagname length not checked (was tags containing a comma (,) produce an sql error)

flyspray version: 1.0-rc6

How to reproduce:
Create a bug with tags (preferable with spaces)
Edit this bug
Change the spaces to ‘,’ Save

Expected behaviour:
Saves the tag with comma (even ; is the correct seperator).
It looks to me, that sanitisation of user input is missing here.

Closed by  peterdd
24.01.2019 16:01
Reason for closing:  Fixed in devel
Additional comments about closing: ay/flyspray/commit/a8a3ee6984c0355ccf12e 2f5d76a4a195e3a75d7

Notice: Array to string conversion in /somepath/flyspray-1.0-rc6/includes/ on line 493 Notice: Array to string conversion in /somepath/flyspray-1.0-rc6/includes/ on line 493 Query {INSERT INTO `flyspray_list_tag` (project_id,tag_name) VALUES (?,?)} with params {2,foo bar foo, foo bar V5, foo} Failed! (Data too long for column 'tag_name' at row 1)
Project Manager

Could you please retry with a Flyspray 1.0-rc7 ? Maybe this is duplicate to  FS#2329  and that was fixed.

Project Manager

Were you using an inoffical docker image?

We're not using docker.
Now flyspray returns

"Query {INSERT INTO `flyspray_list_tag` (project_id,tag_name) VALUES (?,?)} with params {2,test, bug, to, test, if, tags, work, correctly} Failed! (Data too long for column 'tag_name' at row 1)"

This is version rc7

Project Manager

Ah, that’s another bug.

Summary adapted.


Available keyboard shortcuts


Task Details

Task Editing