Patch #11818
closed
Redmine.pm fails when permissions are NULL
0%
Description
Steps to reproduce:
1) Setup SVN access using this guid http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
2) Create a public project "FOO" and a corresponding svn repo
3) Remove all permissions from anonymous user
4) Add user "BAR" as a member of "FOO" project with read svn permissions
5) Execute this SQL query:
SELECT hashed_password, salt, auth_source_id, permissions
FROM projects, users, roles
WHERE users.login='BAR'
AND projects.identifier='FOO'
AND users.status=1
AND
(
roles.id IN (
SELECT member_roles.role_id
FROM members, member_roles
WHERE members.user_id = users.id
AND members.project_id = projects.id
AND members.id = member_roles.member_id
)
OR (
roles.builtin=1 AND
cast(projects.is_public as CHAR) IN ('t', '1') AND
)
);
6) Login to http://svn_server/FOO using user "BAR" credentials
Expected behavior:
1) result of query in step 5 has 1 line with non-null permissions
2) I can browse svn via browser
Actual behavior:
1) result of query in step 5 has 2 lines one of which has null permissions
2) I see error 500 in the browser
A patch to fix this problem is attached
Files
Updated by John Yani about 13 years ago
The error before the patch was:Use of uninitialized value $permissions in pattern match (m//) at /usr/lib/perl5/Apache/Redmine.pm line 359, <DATA> line 522.\n
Updated by sam andro
Updated by Etienne Massip about 13 years ago
- Status changed from Resolved to New
Updated by Jean-Philippe Lang about 13 years ago
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Target version set to 2.1.0
Fix committed in r10375, thanks.