Univention Bugzilla – Full Text Bug Listing |
Description
Dirk Wiesenthal
2012-08-31 11:17:26 CEST
*** Bug 28384 has been marked as a duplicate of this bug. *** (In reply to comment #0) > Wenn man zwar einen ordentlichen Objekttypen angibt, aber irgend etwas falsches > in dem Feld "Eigenschaft" angibt, kommt auch einer (ein anderer): … > LDAP_ConnectionError: Bad search filter Das ist das Problem aus Bug #28384: (In reply to comment #0) > Momentan wird der objectPropertyValue wert nicht escaped, sodass eine Anfrage, > die reservierte ldap suchfilter Zeichen (z.b: klammern () ) enthält schiefgeht. > > {"container":"all","objectType":"users/user","objectProperty":"username","objectPropertyValue":"()"} Stimmt, der Fehlerfall wird nicht abgefangen beim Auslesen des Formulars. Dort fehlt eine JS-seitige Prüfung auf get('status') um invalide Eingaben zu erkennen. Die entsprechende Suchanfrage sieht wie folgt aus: { "options":{ "objectType":"", "objectProperty":"None", "objectPropertyValue":"", "container":"cn=dhcp,dc=univention,dc=qa" }, "flavor":"navigation" } We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone. We received the second traceback again (3.2-0 errata108 (Borgfeld)). reported again. Reported 4 times again: Remark: List "Computers" in UMC Remark: Es wurde nach dem Drucker osvogd10 gesucht. *** Bug 36956 has been marked as a duplicate of this bug. *** Got it, both tracebacks can be reproduced: First traceback: curl 'http://10.200.27.5/umcp/command/udm/nav/object/query' -H 'Content-Type: application/json' -H 'Cookie: UMCSessionId=420d1f50-7bea-40c3-b555-9e43d91e03ac;' --data-binary '{"options":{"objectType":"","objectProperty":"None","objectPropertyValue":"","container":"dc=ucs,dc=dev","hidden":true},"flavor":"navigation"}' Second Traceback: curl 'http://10.200.27.5/umcp/command/udm/nav/object/query' -H 'Content-Type: application/json' -H 'Cookie: UMCSessionId=4636b03a-3f70-4b10-87b8-338aaeaffc3b; ' --data-binary '{"options":{"objectType":"computers/computer","objectProperty":"asdf(","objectPropertyValue":"asdf","container":"dc=ucs,dc=dev","hidden":true},"flavor":"navigation"}' umc-command -U Administrator -P univention udm/nav/object/query -f navigation -e -o '{"objectType":"","objectProperty":"None","objectPropertyValue":"","container":"dc=ucs,dc=dev","hidden":True}' umc-command -U Administrator -P univention udm/nav/object/query -f navigation -e -o '{"objectType":"computers/computer","objectProperty":"asdf(","objectPropertyValue":"asdf","container":"dc=ucs,dc=dev","hidden":True}' Bad search filter-TB was reported by 3.2-1 errata217 (Borgfeld). The first traceback is now prevented via JS. After inserting a wrong object type the combobox resets the value to the first one. The backend fix is better done at Bug #37118 because it can occur in many various ways. The second traceback is prevented in the backend by using sanitizers which prevent inserting invalid ldap attribute names. Package: univention-management-console-module-udm (5.1.25-8) YAML: 2014-11-25-univention-management-console-module-udm.yaml Downgradeable to UCS 3.2-4: the JavaScript part: easy, backend: not necessary Reproduceable: Comment #10 Works as expected. Not possible to provoke by the frontend, prevented by the backend anyway. (In reply to Florian Best from comment #7) > Reported 4 times again: > > Remark: > List "Computers" in UMC Amd now! I also understand how he provoked this. If there are a lot of objects and the search query is not yet finished answered, and the form not initialized this error occurred. Reported again, 3.2-5 errata340 (Borgfeld). (In reply to Florian Best from comment #15) > > Reported 4 times again: > > Remark: > > List "Computers" in UMC > I also understand how he provoked this. If there are a lot of > objects and the search query is not yet finished answered, and the form not > initialized this error occurred. yes, the following remark also shows this: Remark: Diese Fehler passiert fast immer nur beim ersten Aufruf des Rechner-Tabs, nach der Anmeldung an der UMC. Beim erneuten Suchvorgang kommt die Fehlermeldung nicht. Reported again, 3.2-3 errata181 (Borgfeld) |