Patch #11818
closed
Redmine.pm fails when permissions are NULL
0%
Description
Steps to reproduce:
1) Setup SVN access using this guid http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
2) Create a public project "FOO" and a corresponding svn repo
3) Remove all permissions from anonymous user
4) Add user "BAR" as a member of "FOO" project with read svn permissions
5) Execute this SQL query:
SELECT hashed_password, salt, auth_source_id, permissions
FROM projects, users, roles
WHERE users.login='BAR'
AND projects.identifier='FOO'
AND users.status=1
AND
(
roles.id IN (
SELECT member_roles.role_id
FROM members, member_roles
WHERE members.user_id = users.id
AND members.project_id = projects.id
AND members.id = member_roles.member_id
)
OR (
roles.builtin=1 AND
cast(projects.is_public as CHAR) IN ('t', '1') AND
)
);
6) Login to http://svn_server/FOO using user "BAR" credentials
Expected behavior:
1) result of query in step 5 has 1 line with non-null permissions
2) I can browse svn via browser
Actual behavior:
1) result of query in step 5 has 2 lines one of which has null permissions
2) I see error 500 in the browser
A patch to fix this problem is attached
Files
Updated by John Yani almost 13 years ago
Remove redundant "AND" in the SQL query
Updated by John Yani almost 13 years ago
The error before the patch was:Use of uninitialized value $permissions in pattern match (m//) at /usr/lib/perl5/Apache/Redmine.pm line 359, <DATA> line 522.\n
Updated by sam andro
Updated by Etienne Massip almost 13 years ago
- Status changed from Resolved to New
Updated by Jean-Philippe Lang almost 13 years ago
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Target version set to 2.1.0
Fix committed in r10375, thanks.