Open-AudIT https://www.open-audit.org/phpBB3/ |
|
admin_add_pc_2.php fails without indication and loses data https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3019 |
Page 1 of 1 |
Author: | kkeane [ Mon Oct 20, 2008 6:35 pm ] |
Post subject: | admin_add_pc_2.php fails without indication and loses data |
This is really two separate bugs, but they occur in the same scenario, so I am writing them up together. 1) This is actually a problem in how admin_add_pc_2.php and the VBS audit script play together. In my example, the database updates for an upgrade were missing (I forgot to run upgrade.php). As a result, some SQL inserts failed in admin_add_pc_2.php (correct behavior). However, there is no indication anywhere that I'm aware of that the statement failed. admin_add_pc_2.php will actually report the problem in the response to the HTTP POST, but the script does not do anything with that response (when using online="yesxml" ) Correct behavior would be for admin_add_pc_2.php to return HTTP status code 500 in this case, and roll back the complete transaction. As a stopgap solution: I added a few lines of code to audit.vbs that will show the output of admin_add_pc_2.php in Internet Explorer (towards the top of audit.vbs) if online = "p" or (online = "yesxml" and verbose = "y") then (after submitting the data) if verbose = "y" then Dim objResult echo "Verbose - results should pop up in IE" oIE.document.WriteLn objHTTP.responseText oIE.document.WriteLn "</div>" oIE.document.WriteLn "</body>" end if 2) Second related bug: processing of the audit file aborts in the same scenario, and even SOME "good" data is lost if it happens to follow the bad data. Such a submission should either completely fail, or completely succeed. This is with SVN version 1074 |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |