Re: xml-rpc



On Fri, 2004-07-09 at 02:12, Luis Villa wrote:
> sending this to bugsquad and bugmaster because I'm not sure everyone
> relevant is on bugmaster.
> 
> The attached is a single, drop-in file that supposedly does XML RPC. I
> got it from a gcc bugzilla hacker; he backported it from RH bugzilla to
> 2.16. I haven't tested it at all, though, and frankly know ~squat about
> xml-rpc :) Does anyone think they'll have time to look at this? If
> not... I'm real tempted to go ahead, throw it on bugzilla, and see what
> happens.
> 
> thoughts? plans? screams?

It's late, I am not a security expert, but looking through the file it
looks like it doesn't have any blatant security holes. The obvious
gotchas ("SqlQuote, what's that?") have been covered, at any rate, and
it looks like it checks if bugzilla wants authentication for stuff where
a bugzilla installation might be configured such that it does.

Other thoughts:

* We should fill out the customfields with default values when creating
a new bug.
* In fact, there are chunks of the file where I would expect to see a
few lines of "... and the customfields stuff" if it was anywhere else in
bugzilla, like when returning query info, but this is a bit more
blue-sky.
* We should sort out the new bug NEW/UNCONFIRMED behaviour when
submitting via XML-RPC.

'night.

--
Andrew



