Flyspray - The bug killer!

  • Status Confirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Backend/Core
  • Assigned To
    peterdd
  • Operating System All
  • Severity Medium
  • Priority Medium
  • Reported Version 1.0-rc7
  • Due in Version 1.0
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: Flyspray - The bug killer!
Opened by lynxis - 01.11.2018
Last edited by peterdd - 07.11.2018

FS#2523 - tagname length not checked (was tags containing a comma (,) produce an sql error)

flyspray version: 1.0-rc6

How to reproduce:
Create a bug with tags (preferable with spaces)
Edit this bug
Change the spaces to ‘,’ Save

Expected behaviour:
Saves the tag with comma (even ; is the correct seperator).
It looks to me, that sanitisation of user input is missing here.

lynxis commented on 01.11.2018 21:43
Notice: Array to string conversion in /somepath/flyspray-1.0-rc6/includes/modify.inc.php on line 493 Notice: Array to string conversion in /somepath/flyspray-1.0-rc6/includes/modify.inc.php on line 493 Query {INSERT INTO `flyspray_list_tag` (project_id,tag_name) VALUES (?,?)} with params {2,foo bar foo, foo bar V5, foo} Failed! (Data too long for column 'tag_name' at row 1)
Project Manager
peterdd commented on 02.11.2018 03:47

Could you please retry with a Flyspray 1.0-rc7 ? Maybe this is duplicate to  FS#2329  and that was fixed.

Project Manager
peterdd commented on 02.11.2018 08:37

Were you using an inoffical docker image?

lynxis commented on 05.11.2018 07:30

We're not using docker.
Now flyspray returns

"Query {INSERT INTO `flyspray_list_tag` (project_id,tag_name) VALUES (?,?)} with params {2,test, bug, to, test, if, tags, work, correctly} Failed! (Data too long for column 'tag_name' at row 1)"

lynxis commented on 05.11.2018 07:32

This is version rc7

Project Manager
peterdd commented on 07.11.2018 13:43

Ah, that’s another bug.

Summary adapted.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing