tags 523516 + patch
thanks

Hi,

On Fri, Apr 10, 2009 at 12:21:57PM -0700, Asheesh Laroia wrote:
> I just upgraded to 1.4.4-4+lenny1 to fix the security issues.
> 
> However, it broke pagination entirely; when going to queries like 
> http://code.creativecommons.org/issues/issue?status=-1,1,2,3,4,5,6,7&@sort=-activity&@search_text=&@dispname=Show%20All&@filter=status&@group=priority&@columns=id,activity,title,creator,assignedto,status&@pagesize=50&@startwith=0&assignedto=5
>  
> , Roundup would only show me seven results.

I can reproduce that behavior with my setup.

> I have to run for now, but I think that some quick experimentation should 
> allow you to reproduce this. I have a hunch that the problem is that this 
> code is suspect:
> 
> -                self.pagesize = int(self.form[name].value)
> +                try:
> +                    self.pagesize = int(self.form.getfirst(name))
> 
> should it not be:
> 
> -                self.pagesize = int(self.form[name].value)
> +                try:
> +                    self.pagesize = int(self.form[name].value)
> 
> ?

Nope, the problem is that the value of the 'startwith' parameter is
assigned to the 'pagesize' member variable (in the other part of that
patch that you did not quote). I'm not sure about the difference between
self.form[name].value and self.form.getfirst(name) - in any case, this
is unrelated to this bug.

Attached is a trivial patch against version 1.4.4-4+lenny1 of the Debian
package to fix this.

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin

--- debian/patches/19_bogus_pagination_request.dpatch.orig	2009-04-23 16:16:21.000000000 +0200
+++ debian/patches/19_bogus_pagination_request.dpatch	2009-04-23 16:16:53.000000000 +0200
@@ -27,7 +27,7 @@
                  self.special_char = name[0]
 -                self.startwith = int(self.form[name].value)
 +                try:
-+                    self.pagesize = int(self.form.getfirst(name))
++                    self.startwith = int(self.form.getfirst(name))
 +                except ValueError:
 +                    # Not an integer. XXX report to user somehow?
 +                    pass                    
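Review bot: The `except ValueError: pass` branch at the end of the hunk silently discards a non-integer value, as its own XXX comment admits, so the request carries on with whatever self.startwith held before and the user gets no indication that the parameter was ignored. Set an explicit default in the except branch and report the bad parameter. The hunk also shows no range check, so an integer that parses but is negative is accepted as an offset; reject values below zero next to the int() call. The one-word correction (self.pagesize to self.startwith) agrees with the removed line `self.startwith = int(self.form[name].value)`. A regression test that passes different values for @pagesize and @startwith would catch this kind of copy-paste slip. The `pass` line also carries trailing whitespace.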
