Hi!

Recently the manage_app_versions.php suddenly messed up our app_version table. All 'deprecated' flags together with all min and max client version specifications were gone (i.e. set to 0). Work was sent out with app versions it was never meant to be. The damage couldn't be repaired using this same page. I spent half a night manually fixing the table in the DB.

This could happen to every unsuspecting project at an unforeseeable time, leaving no obvious way to fix it.

Here's why:

- the form in the page builds a POST string containing elements for ALL rows in the app_versions table, i.e. the size of the POST string grows with the table length
- of course the length of the POST buffer is limited (in the Apache configuration IIRC)
- the current way the POST string is interpreted has no way to distinguish between a value of zero and a value not being given at all.

Consequently all values that are missing e.g. because of a truncated POST string are assumed to be 0 and entered in the DB as such. As there is no way to shorten the POST string, there is not even a way to correct such errors using that page.

For us this happened with 436 app versions in the table, but this number is really arbitrary. The length of the (resulting) POST string e.g. depends on how many of these versions are (already) deprecated.

Most of our app versions relate to older apps that are now deprecated. So for us and for now the quick workaround was to skip the versions of deprecated apps (patch 0001), both when showing the list and when processing the form. This, however, is dangerous: It relies on the 'deprecated' status not changing between these two queries: when the list to be shown is built and when the updates are performed.

In order to prevent the page from completely messing up the table, I added a small check for 'completeness' of the POST string (patch 0002). This adds a hidden element (presumably) at the end of the POST string and prevents any updates from being executed when this end tag didn't make it through.

All of these measures, however, don't really fix the root problem. To do that one would need to rewrite the whole mechanism how the information which updates are to be performed is passed. I don't really have time for this now, maybe someone else has.

Best,
Bernd

From ef89a6574f59137ce8c863e78e4e045c9a0d81fb Mon Sep 17 00:00:00 2001
From: Bernd Machenschalk <[email protected]>
Date: Wed, 26 Jun 2013 13:28:45 +0000
Subject: [PATCH 1/2] manage_app_versions.php: only manage versions of
 non-deprecated apps

---
 ops/manage_app_versions.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ops/manage_app_versions.php b/ops/manage_app_versions.php
index 6244438..09df571 100644
--- a/ops/manage_app_versions.php
+++ b/ops/manage_app_versions.php
@@ -81,6 +81,9 @@ if( !empty($_POST) ) {
         $item=mysql_fetch_object($result);
         $id=$item->id;
 
+        // skip versions of deprecated apps
+        if($app_off[$item->appid]) continue;
+
         /* Delete this entry? */
         $field="delete_".$id; 
         if ($_POST[$field]=='DELETE' ) {
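Review bot: the `if($app_off[$item->appid]) continue;` added to the POST loop re-evaluates the deprecated state at submit time, so the set of rows processed can differ from the set that was rendered into the form if an app's status changed in between; a row that is processed without having been in the form has all its fields absent and, as the message describes, those are taken as 0. Consider emitting the ids of the rendered rows as hidden inputs and iterating over those instead of re-deriving the filter. `$app_off` is also not populated anywhere in this hunk; please confirm it is built before this loop on the POST path, and use `!empty($app_off[$item->appid])` so an unknown appid does not raise a notice.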
@@ -165,6 +168,9 @@ for($j=1;$j<=$Nrow;$j++){
     $item=mysql_fetch_object($result);
     $id=$item->id;
 
+    // skip versions of deprecated apps
+    if($app_off[$item->appid]) continue;
+
     // grey-out deprecated versions 
     $f1=$f2='';
     if($item->deprecated==1) {
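Review bot: the `continue` added to the display loop drops versions of deprecated apps from the page without telling the operator, and it sits directly above the "grey-out deprecated versions" code, which tests a different flag (`$item->deprecated` on the version, not the app). Print a line above the table saying that versions of deprecated apps are hidden, ideally with a count, and extend the comment to state that this filter is on the app's flag so the two are not confused later.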
-- 
1.8.2.3

From b2f351aeaf97b8babd95f2f116c953cefd275922 Mon Sep 17 00:00:00 2001
From: Bernd Machenschalk <[email protected]>
Date: Thu, 27 Jun 2013 08:52:58 +0000
Subject: [PATCH 2/2] manage_app_versions.php: added a check for the POST
 string not being truncated

---
 ops/manage_app_versions.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ops/manage_app_versions.php b/ops/manage_app_versions.php
index 09df571..908317c 100644
--- a/ops/manage_app_versions.php
+++ b/ops/manage_app_versions.php
@@ -74,6 +74,8 @@ $commands="";
 
 if( !empty($_POST) ) {
 
+  if ( isset($_POST["content"]) && ($_POST["content"]=="complete") ) {
+
     $result = mysql_query("SELECT * FROM app_version");
     $Nrow=mysql_num_rows($result);
 
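Review bot: the guard `isset($_POST["content"]) && ($_POST["content"]=="complete")` only proves that one field arrived; the per-row reads inside the block still cannot tell a missing field from a zero. As a stop-gap that is acceptable, but add a comment that it relies on `content` being the last input of the form, and consider an `isset()` check on each row's fields as well. The new `if` is indented by two spaces while the block it now encloses stays at four, which makes the nesting hard to follow; please re-indent or note that this is deliberate to keep the diff small.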
@@ -130,6 +132,13 @@ if( !empty($_POST) ) {
     } else {
         $commands .= "<P><pre>couldn't touch $cwd/../../reread_db</pre></P>\n";
     }
+
+  } else {
+
+    $commands = "\nERROR: POST string has been truncated, no action 
performed\n";
+    $commands .= "Increase the POST buffer size, deprecate unused apps or 
delete rows from the app_versin table\n\n";
+
+  }
 }
 
 
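Review bot: the second message in the new `else` branch misspells the table name as `app_versin`; it should be `app_version`, as in the `SELECT` above. Both string literals are also broken across lines as posted, which will either keep the patch from applying or put stray newlines into the output, so please resend with `git send-email` or as an attachment. The neighbouring error message a few lines up is wrapped in `<P><pre>`; doing the same here keeps the `\n` formatting visible on the HTML page.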
@@ -225,7 +234,7 @@ echo "<tr><td colspan=7><font color='RED'><sup>*</sup>
 
 end_table();
 
-
+echo "<input type=\"hidden\" name=\"content\" value=\"complete\">\n";
 echo "</form><P>\n";
 admin_page_tail();
 
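Review bot: the hidden `content` input works as an end marker only while it remains the last input before `</form>`, and nothing in the code says so. Add a comment above the `echo` to that effect so a later edit does not place inputs after it. A value derived from the form, such as the number of rows rendered, would additionally let the server check that the submitted row set matches what was shown.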
-- 
1.8.2.3
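
An added example (not part of the original message or of BOINC's code) of POST handling that distinguishes an absent field from a zero, combining the end-of-form sentinel from patch 0002 with a per-row marker. The function `plan_updates`, the `row_<id>` marker and the `min_core_version_<id>`, `max_core_version_<id>` and `deprecated_<id>` field names are assumptions made for illustration.

```php
<?php
// Added example, not BOINC code. Field names other than "content" and
// delete_<id> are assumptions; row_<id> is a hypothetical hidden input
// emitted as the LAST input of every row the form displays.

// $rows: current DB rows. Returns [updates keyed by id, error messages].
function plan_updates(array $post, array $rows): array {
    // End-of-form sentinel, as in patch 0002.
    if (($post['content'] ?? null) !== 'complete') {
        return [[], ['POST data incomplete, nothing changed']];
    }
    $updates = $errors = [];
    foreach ($rows as $row) {
        $id = (int)$row['id'];
        // Rows that were not part of the submitted form are left alone.
        if (!isset($post["row_$id"])) continue;
        $new = [];
        foreach (['min_core_version', 'max_core_version'] as $col) {
            $v = $post["{$col}_$id"] ?? null;
            // Absent or non-numeric is an error, never an implicit 0.
            if (!is_string($v) || !ctype_digit($v)) {
                $errors[] = "row $id: $col missing or invalid";
                continue 2;
            }
            $new[$col] = (int)$v;
        }
        // Browsers omit unchecked checkboxes; absence means "unchecked"
        // only because the row marker proved the row was submitted.
        $new['deprecated'] = isset($post["deprecated_$id"]) ? 1 : 0;
        $changed = array_diff_assoc($new, array_intersect_key($row, $new));
        if ($changed) $updates[$id] = $changed;
    }
    return [$updates, $errors];
}

// Constructed sample data: two rows, then a truncated and a full POST.
$rows = [
    ['id' => 1, 'min_core_version' => 70000, 'max_core_version' => 0, 'deprecated' => 1],
    ['id' => 2, 'min_core_version' => 60000, 'max_core_version' => 0, 'deprecated' => 0],
];
$full = ['min_core_version_1' => '70000', 'max_core_version_1' => '0',
         'deprecated_1' => 'on', 'row_1' => '1',
         'min_core_version_2' => '60100', 'max_core_version_2' => '0',
         'row_2' => '1', 'content' => 'complete'];
$truncated = array_slice($full, 0, 5, true);  // cut off inside row 2
print_r(plan_updates($truncated, $rows));
print_r(plan_updates($full, $rows));
```

Separating planning from execution lets the page show the pending changes, or refuse outright, before any `UPDATE` is issued.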
