1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 14:52:41 +01:00
phorge-phorge/resources/sql
epriestley 5d4970d6b2 Fix a bug where "View as Query" could replace a saved query row by ID, causing workboard 404s
Summary:
Fixes T13208. See that task for details.

The `clone $query` line is safe if `$query` is a builtin query (like "open").

However, if it's a saved query we clone not only the query parameters but the ID, too. Then when we `save()` the query later, we overwrite the original query.

So this would happen in the database. First, you run a query and save it as the workboard default (query key "abc123"):

| 123 | abc123 | {"...xxx..."} |

Then we `clone` it and change the parameters, and `save()` it. But that causes an `UPDATE ... WHERE id = 123` and the table now looks like this:

| 123 | def456 | {"...yyy..."} |

What we want is to create a new query instead, with an `INSERT ...`:

| 123 | abc123 | {"...xxx..."} |
| 124 | def456 | {"...yyy..."} |

Test Plan:
  - Followed reproduction steps from above.
    - With just the new `save()` guard, hit the guard error.
    - With the `newCopy()`, got a new copy of the query and "View as Query" remained functional without overwriting the original query row.
  - Ran migration, saw an affected board get fixed.

Reviewers: amckinley, joshuaspence

Reviewed By: joshuaspence

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13208

Differential Revision: https://secure.phabricator.com/D19768
2018-11-01 05:44:49 -07:00
..
autopatches Fix a bug where "View as Query" could replace a saved query row by ID, causing workboard 404s 2018-11-01 05:44:49 -07:00
patches Remove a very old Herald garbage collection migration 2018-01-26 10:54:37 -08:00
quickstart.sql Revert quickstart for tables with native FULLTEXT indexes to MyISAM 2017-09-12 12:24:23 -07:00
stopwords.txt Provide a setup warning about using the default MySQL stopword file 2014-08-13 15:34:09 -07:00
stopwords_myisam.txt Show users how fulltext search queries are parsed and executed; don't query stopwords or short tokens 2017-04-12 19:07:54 -07:00