Patch #11818

Redmine.pm fails when permissions are NULL

Added by John Yani about 5 years ago. Updated about 5 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:SCM extra
Target version:2.1.0

Description

Steps to reproduce:

1) Setup SVN access using this guid http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
2) Create a public project "FOO" and a corresponding svn repo
3) Remove all permissions from anonymous user
4) Add user "BAR" as a member of "FOO" project with read svn permissions
5) Execute this SQL query:

SELECT hashed_password, salt, auth_source_id, permissions
FROM projects, users, roles
WHERE users.login='BAR'
AND projects.identifier='FOO'
AND users.status=1
AND
(
  roles.id IN (
                 SELECT member_roles.role_id
                 FROM members, member_roles
                 WHERE members.user_id = users.id
                    AND members.project_id = projects.id
                    AND members.id = member_roles.member_id
              )
  OR   (
           roles.builtin=1 AND
           cast(projects.is_public as CHAR) IN ('t', '1') AND
       )
);

6) Login to http://svn_server/FOO using user "BAR" credentials

Expected behavior:

1) result of query in step 5 has 1 line with non-null permissions
2) I can browse svn via browser

Actual behavior:

1) result of query in step 5 has 2 lines one of which has null permissions
2) I see error 500 in the browser

A patch to fix this problem is attached

redmine_pm_permissions_null.patch Magnifier (512 Bytes) John Yani, 2012-09-11 23:46

Associated revisions

Revision 10375
Added by Jean-Philippe Lang about 5 years ago

Redmine.pm fails when permissions are NULL (#11818).

Contributed by John Yani.

History

#1 Updated by John Yani about 5 years ago

Remove redundant "AND" in the SQL query

#2 Updated by John Yani about 5 years ago

The error before the patch was:
Use of uninitialized value $permissions in pattern match (m//) at /usr/lib/perl5/Apache/Redmine.pm line 359, <DATA> line 522.\n

#3 Updated by sam andro about 5 years ago

  • Status changed from New to Resolved

#4 Updated by Etienne Massip about 5 years ago

  • Status changed from Resolved to New

#5 Updated by Jean-Philippe Lang about 5 years ago

  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.1.0

Fix committed in r10375, thanks.

Also available in: Atom PDF