Bug#523516: Upgrading to roundup 1.4.4-4+lenny1 breaks pagination entirely

[Asheesh Laroia]

Package: roundup
Version: 1.4.4-4+lenny1
Severity: grave

Howdy!

I just upgraded to 1.4.4-4+lenny1 to fix the security issues.

However, it broke pagination entirely; when going to queries like 
http://code.creativecommons.org/issues/issue?status=-1,1,2,3,4,5,6,7&@sort=-activity&@search_text=&@dispname=Show%20All&@filter=status&@group=priority&@columns=id,activity,title,creator,assignedto,status&@pagesize=50&@startwith=0&assignedto=5
 
, Roundup would only show me seven results.

I created a local 1.4.4-4+lenny1.1 that removes 
19_bogus_pagination_request.dpatch from debian/patches/00list and rebuilt 
the package, and now pagination works properly for me.

I have to run for now, but I think that some quick experimentation should 
allow you to reproduce this. I have a hunch that the problem is that this 
code is suspect:

-                self.pagesize = int(self.form[name].value)
+                try:
+                    self.pagesize = int(self.form.getfirst(name))

should it not be:

-                self.pagesize = int(self.form[name].value)
+                try:
+                    self.pagesize = int(self.form[name].value)

?

Anyway, upstream's bug tracker is down so I can't check. But this security 
package introduced some pretty tragic breakage!

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages roundup depends on:
ii  adduser                       3.110      add and remove users and groups
ii  python                        2.5.2-3    An interactive high-level object-o
ii  python-central                0.6.8      register and build utility for Pyt

roundup recommends no packages.

Versions of packages roundup suggests:
ii  libapache2-mod-python      3.3.1-7       Python-embedding module for Apache
ii  python-gdbm                2.5.2-1       GNU dbm database support for Pytho
ii  python-mysqldb             1.2.2-7       A Python interface to MySQL
ii  python-openssl             0.7-2         Python wrapper around the OpenSSL 
ii  python-psycopg2            2.0.7-4       Python module for PostgreSQL
ii  python-pyme                0.8.1+clean-1 Python interface to the GPGME GnuP
ii  python-sqlite              1.0.1-7       python interface to SQLite 2
ii  python-tz                  2008c-2       Python version of the Olson timezo
ii  python-xapian              1.0.7-3.1     Xapian search engine interface for
ii  runit                      2.0.0-1       a UNIX init scheme with service su

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org