Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0006531TestLinkCustom fieldspublic2014-08-25 18:532014-09-27 16:42
Reportercsalter 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.9.11 (2014 Q2 - bug fixing) 
Fixed in Version1.9.12 (2014 Q3) 
Summary0006531: Apostrophe in test case custom field string, list, multiselection list causes DB errors, bad filtering, etc
DescriptionIf a custom field's value on a test case includes an apostrophe (e.g. "They're crazy") you get errors when saving the test case, and if you try to filter the test case list using a value containing an apostrophe, no values are returned even if the string matches
Steps To Reproduce3 versions. 1: Create a custom field of type string for test cases, assign it to the project, edit a test case and set the value of that custom field to the string "they're crazy" (or anything else containing an apostrophe).

2 and 3: Create a custom field of type list or multiselection list, add a value containing an apostrophe, assign it to the project, edit a test case, and select the value containing an apostrophe.

Save the test case, observe error message in top-left corner.

Now go somewhere (anywhere) that allows you to filter the list of test cases and try to filter it based on a custom value containing an apostrophe. No results will be returned even if the string matches.
Additional InformationHere's the error message I get:

==============================================================================
 DB Access Error - debug_print_backtrace() OUTPUT START
 ==============================================================================
#0 database->exec_query() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\database.class.php:597]
#1 database->fetchColumnsIntoArray() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\treeMenu.inc.php:1060]
0000002 filter_by_cf_values() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\treeMenu.inc.php:984]
0000003 filter_by_cf_values() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\treeMenu.inc.php:2007]
0000004 generateTestSpecTreeNew() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\treeMenu.inc.php:74]
0000005 generateTestSpecTree() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\functions\tlTestCaseFilterControl.class.php:976]
0000006 tlTestCaseFilterControl->build_tree_menu() called at [C:\Bitnami\testlink-1.9.11-0\apps\testlink\htdocs\lib\testcases\listTestCases.php:22]
 ==============================================================================


Based on the behaviour I've seen, I'm assuming it's probably a SQL injection risk. If it only occurred on the list or multiselection list, it wouldn't be too severe since it would require the administrator to enter bad values, but since the same problem appears with string fields, it seems like giving it a severity of "major" is probably justified.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserChrome
PHP Version
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files

- Relationships
child of 0006457closedfman Availables hot-fixes for 1.9.11 & How To get full fixed package from gitorious 

-  Notes
(0021522)
fman (administrator)
2014-08-31 17:23

https://gitorious.org/testlink-ga/testlink-code/commit/f4174bdec9f178137a17d53d68cfeb41b490fbb1 [^]
(0021717)
fman (administrator)
2014-09-27 16:42

Release done

- Issue History
Date Modified Username Field Change
2014-08-25 18:53 csalter New Issue
2014-08-31 17:22 fman QA Team - Task Workflow Status => READY FOR TESTING
2014-08-31 17:22 fman Fixed in Version => 1.9.12 (2014 Q3)
2014-08-31 17:23 fman Note Added: 0021522
2014-08-31 17:23 fman Status new => resolved
2014-08-31 17:23 fman Resolution open => fixed
2014-08-31 17:23 fman Assigned To => fman
2014-08-31 17:23 fman Relationship added child of 0006457
2014-09-27 16:42 fman Note Added: 0021717
2014-09-27 16:42 fman Status resolved => closed



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker