cubicweb #1751141 rql2sql crash (probably a security insertion related bug) [open]
As of complexunits e937d153483c we get following traceback when the request is performed by a pfolio_manager (not the case with a manager, hence the security hypothesis) 2011-06-08 16:07:37 - (cubicweb.repository) ERROR: unexpected error while executing Any X,AA,AB,AC,AD,AE,AF,AG,AH,AI,AJ,AK,AL WHERE X eid %(x)s, X is GTSegment, X segment_of AA?, AA name AB, AA power_output AC?, AC modification_date AD, AA min_uptime AE, AA min_downtime AF, AA convex_heatrate_curve AG, AA modification_date AH, X order AI, X max_ramp_up AJ, X max_ramp_down AK, X modification_date AL with {u'I': 4744, 'x': 3156, u'A': 4744, u'E': 4744, u'D': 4744} Traceback (most recent call last): File "/home/florent/Pylos/cubicweb/server/repository.py", line 733, in execute build_descr) File "/home/florent/Pylos/cubicweb/server/querier.py", line 731, in execute results = plan.execute() File "/home/florent/Pylos/cubicweb/server/querier.py", line 202, in execute result = step.execute() File "/home/florent/Pylos/cubicweb/server/ssplanner.py", line 421, in execute inputmap) File "/home/florent/Pylos/cubicweb/server/sources/native.py", line 513, in syntax_tree_search sql, qargs, cbs = self._rql_sqlgen.generate(union, args, varmap) File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 737, in generate sql = self.union_sql(union) File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 751, in union_sql return self.select_sql(union.children[0], needalias) File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 833, in select_sql needalias or needwrap) File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 908, in _solutions_sql sql = [self._selection_sql(select.selection, distinct, needalias)] File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 928, in _selection_sql sql = term.accept(self) File "<string>", line 1, in <lambda> File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1447, in visit_variableref return variableref.variable.accept(self) File "<string>", line 1, in <lambda> File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1474, in visit_variable sql = self._linked_var_sql(variable) File "/home/florent/Pylos/cubicweb/server/sources/rql2sql.py", line 1593, in _linked_var_sql % variable.name) BadRQLQuery: variable AD should be selected by the subquery | |
priority | normal |
---|---|
type | bug |
done in | <not specified> |
load | 0.500 |
load left | 0.500 |
closed by | <not specified> |
similar entities
- cubicweb #246942 supporting aggregates in SET queries
- cubicweb #1697862 ORDERBY SUM(C) seems to cancel GROUPBY
- cubicweb #1698245 Convert __message to _cwmsgid to increase security
- cubicweb #509109 transitivity of relationships
- cubicweb #1381390 Implement HTTP Strict Transport Security for https
[see all]