Page MenuHomePhabricator
Differential D19768

Fix a bug where "View as Query" could replace a saved query row by ID, causing workboard 404s
ClosedPublic
Actions

Authored by epriestley on Nov 1 2018, 12:28 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 7, 12:07 AM
Unknown Object (File)
Wed, Dec 25, 2:00 PM
Unknown Object (File)
Thu, Dec 19, 2:24 PM
Unknown Object (File)
Fri, Dec 13, 10:44 PM
Unknown Object (File)
Dec 7 2024, 11:53 PM
Unknown Object (File)
Dec 3 2024, 2:45 PM
Unknown Object (File)
Dec 1 2024, 11:39 AM
Unknown Object (File)
Nov 27 2024, 6:28 AM
View All Files
Subscribers
Restricted Owners Package

Details

Reviewers
amckinley
joshuaspence
Maniphest Tasks
T13208: Workboard queries may vanish or fail to persist (spooky)
Commits
rP5d4970d6b24a: Fix a bug where "View as Query" could replace a saved query row by ID, causing…
Summary

Fixes T13208. See that task for details.

The clone $query line is safe if $query is a builtin query (like "open").

However, if it's a saved query we clone not only the query parameters but the ID, too. Then when we save() the query later, we overwrite the original query.

So this would happen in the database. First, you run a query and save it as the workboard default (query key "abc123"):

123abc123{"...xxx..."}

Then we clone it and change the parameters, and save() it. But that causes an UPDATE ... WHERE id = 123 and the table now looks like this:

123def456{"...yyy..."}

What we want is to create a new query instead, with an INSERT ...:

123abc123{"...xxx..."}
124def456{"...yyy..."}
Test Plan
  • Followed reproduction steps from above.
    • With just the new save() guard, hit the guard error.
    • With the newCopy(), got a new copy of the query and "View as Query" remained functional without overwriting the original query row.
  • Ran migration, saw an affected board get fixed.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Nov 1 2018, 12:28 AM
Owners added a subscriber: Restricted Owners Package.Nov 1 2018, 12:28 AM
Harbormaster completed remote builds in B21067: Diff 47219.Nov 1 2018, 12:29 AM
epriestley requested review of this revision.Nov 1 2018, 12:29 AM
epriestley mentioned this in T13208: Workboard queries may vanish or fail to persist (spooky).Nov 1 2018, 12:33 AM
epriestley marked an inline comment as done.Nov 1 2018, 12:37 AM
epriestley added inline comments.
src/applications/search/engine/PhabricatorApplicationSearchEngine.php
106–112

This should prevent this class of bug from ever occurring again. I made an effort to grep for other misuses of clone but didn't turn any up.

joshuaspence accepted this revision.Nov 1 2018, 1:58 AM
This revision is now accepted and ready to land.Nov 1 2018, 1:58 AM
Closed by commit rP5d4970d6b24a: Fix a bug where "View as Query" could replace a saved query row by ID, causing… (authored by epriestley). · Explain WhyNov 1 2018, 12:44 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
resources/
sql/
autopatches/
50 lines
src/
applications/
project/
controller/
2 lines
search/
engine/
8 lines
storage/
7 lines

Diff 47222

View Options

resources/sql/autopatches/20181031.board.01.queryreset.php

Loading...
View Options

src/applications/project/controller/PhabricatorProjectBoardViewController.php

Loading...
View Options

src/applications/search/engine/PhabricatorApplicationSearchEngine.php

Loading...
View Options

src/applications/search/storage/PhabricatorSavedQuery.php

Loading...
Phabricator · Built by Phacility