cubicweb #1751141 rql2sql crash (probably a security insertion related bug) [open]
As of complexunits e937d153483c we get following traceback when the request is performed by a pfolio_manager (not the case with a manager, hence the security hypothesis)
2011-06-08 16:07:37 - (cubicweb.repository) ERROR: unexpected error while executing Any X,AA,AB,AC,AD,AE,AF,AG,AH,AI,AJ,AK,AL WHERE X eid %(x)s, X is GTSegment, X segment_of AA?, AA name AB, AA power_output AC?, AC modification_date AD, AA min_uptime AE, AA min_downtime AF, AA convex_heatrate_curve AG, AA modification_date AH, X order AI, X max_ramp_up AJ, X max_ramp_down AK, X modification_date AL with {u'I': 4744, 'x': 3156, u'A': 4744, u'E': 4744, u'D': 4744}
Traceback (most recent call last):
File "/home/florent/Pylos/cubicweb/server/repository.py", line 733, in execute
build_descr)
File "/home/florent/Pylos/cubicweb/server/querier.py", line 731, in execute
results = plan.execute()
File "/home/florent/Pylos/cubicweb/server/querier.py", line 202, in execute
result = step.execute()
File "/home/florent/Pylos/cubicweb/server/ssplanner.py", line 421, in execute
inputmap)
File "/home/florent/Pylos/cubicweb/server/sources/native.py", line 513, in syntax_tree_search
sql, qargs, cbs = self._rql_sqlgen.generate(union, args, varmap)
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 737, in generate
sql = self.union_sql(union)
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 751, in union_sql
return self.select_sql(union.children[0], needalias)
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 833, in select_sql
needalias or needwrap)
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 908, in _solutions_sql
sql = [self._selection_sql(select.selection, distinct, needalias)]
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 928, in _selection_sql
sql = term.accept(self)
File "<string>", line 1, in <lambda>
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1447, in visit_variableref
return variableref.variable.accept(self)
File "<string>", line 1, in <lambda>
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1474, in visit_variable
sql = self._linked_var_sql(variable)
File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1593, in _linked_var_sql
% variable.name)
BadRQLQuery: variable AD should be selected by the subquery
| |
| priority | normal |
|---|---|
| type | bug |
| done in | <not specified> |
| load | 0.500 |
| load left | 0.500 |
| closed by | <not specified> |
similar entities
- cubicweb #246942 supporting aggregates in SET queries
- cubicweb #1697862 ORDERBY SUM(C) seems to cancel GROUPBY
- cubicweb #1698245 Convert __message to _cwmsgid to increase security
- cubicweb #509109 transitivity of relationships
- cubicweb #1381390 Implement HTTP Strict Transport Security for https
[see all]