Project

General

Profile

Actions
Copy link

Patch #21312

closed

Fix exception in Redmine.pm when authenticating anonymous users

Added by Holger Just almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
SCM extra
Target version:
2.6.9
Start date:
Due date:
% Done:

0%

Estimated time:

Description

The is_member function in Redmine.pm searches users which have the required permissions to access the repository. The used SQL however doesn't restrict the returned data to actual users but includes groups as well. This results in the following exception:

[perl:error] [pid 29442] [client 127.0.0.1:49599] Use of uninitialized value $salt in concatenation (.) or string at /usr/share/perl5/Apache/Redmine.pm line 483.\n

If the user doesn't provide a login here, it defaults to an empty string in the query. Unfortunately, an empty login applies to both the Anonymous user as well as all groups. Thus, if there are any groups, this can result in multiple lines being returned as a SQL result set that do not belong to actual users.

The attached patch by Planio fixes the SQL query so that only actual users are queried here.

Files

0001-Only-select-actual-users-from-the-database-in-Redmin.patch (871 Bytes) 0001-Only-select-actual-users-from-the-database-in-Redmin.patch Holger Just, 2015-11-24 15:03
Actions
Copy link
 #1

Updated by Jan from Planio www.plan.io almost 9 years ago

  • Target version set to Candidate for next minor release
Actions
Copy link
 #2

Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 2.6.9
Actions
Copy link
 #3

Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF