cat-in-136 / redmine_hearts

a redmine plugin which provides intra-Redmine Like/Fav reactions
https://www.redmine.org/plugins/redmine_hearts
GNU General Public License v2.0
33 stars 3 forks source link

500 error occurred at redmine 4.2.9 #40

Closed y-maeda-tgi closed 1 year ago

y-maeda-tgi commented 1 year ago

Thanks for providing a nice plugin.

I upgraded my Redmine version from 4.2.0 to 4.2.9, and an error occurred. I did the following steps in Redmine 4.2.9.

  1. open "Issues"
  2. open "Options"
  3. move the "Like" clolumn from "Available Columns" to "Selected Columns"
  4. click "Apply"
  5. 500 error message is displayed

Checking the log, the following message was output.

$ cat /var/log/redmine/redmine/production.log | grep -A 25 "Internal Server Error" 
Completed 500 Internal Server Error in 828ms (ActiveRecord: 134.4ms)

NoMethodError (undefined method `visible?' for #<ActiveRecord::Associations::CollectionProxy []>):

app/models/query.rb:119:in `value_object'
app/helpers/queries_helper.rb:273:in `csv_content'
app/helpers/queries_helper.rb:313:in `block (3 levels) in query_to_csv'
app/helpers/queries_helper.rb:313:in `map'
app/helpers/queries_helper.rb:313:in `block (2 levels) in query_to_csv'
app/helpers/queries_helper.rb:312:in `each'
app/helpers/queries_helper.rb:312:in `block in query_to_csv'
lib/redmine/export/csv.rb:44:in `generate'
lib/redmine/export/csv.rb:26:in `generate'
app/helpers/queries_helper.rb:308:in `query_to_csv'
app/controllers/issues_controller.rb:70:in `block (2 levels) in index'
app/controllers/issues_controller.rb:49:in `index'
plugins/redmine_issues_tree/lib/redmine_issues_tree/issues_controller_patch.rb:33:in `index'
lib/redmine/sudo_mode.rb:61:in `sudo_mode'
Started GET "/my-redmine/" for 127.0.0.1 at 2023-03-09 10:54:39 +0900

Comparing app/models/query.rb between version 4.2.0 and 4.2.9, the following differences were found.

-    if assoc = object.send(@association)
+    assoc = object.send(@association)
+    if assoc && assoc.visible?
gagnieray commented 1 year ago

I can reproduce this issue with Redmine 5.0.5 :

I, [2023-03-24T18:06:13.753493 #3673929]  INFO -- : [446bb080-58ef-4910-858d-1f336a1e7585] Completed 500 Internal Server Error in 339ms (ActiveRecord: 52.8ms | Allocations: 27607)
F, [2023-03-24T18:06:13.777440 #3673929] FATAL -- : [446bb080-58ef-4910-858d-1f336a1e7585]   
[446bb080-58ef-4910-858d-1f336a1e7585] ActionView::Template::Error (undefined method `visible?' for #<ActiveRecord::Associations::CollectionProxy []>):
[446bb080-58ef-4910-858d-1f336a1e7585]     33:   <% end %>
[446bb080-58ef-4910-858d-1f336a1e7585]     34:   <tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
[446bb080-58ef-4910-858d-1f336a1e7585]     35:     <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", issue.id, false, :id => nil) %></td>
[446bb080-58ef-4910-858d-1f336a1e7585]     36:     <% query.inline_columns.each do |column| %>
[446bb080-58ef-4910-858d-1f336a1e7585]     37:     <%= content_tag('td', column_content(column, issue), :class => column.css_classes) %>
[446bb080-58ef-4910-858d-1f336a1e7585]     38:     <% end %>
[446bb080-58ef-4910-858d-1f336a1e7585]     39:     <td class="buttons"><%= link_to_context_menu %></td>
[446bb080-58ef-4910-858d-1f336a1e7585]   
[446bb080-58ef-4910-858d-1f336a1e7585] app/models/query.rb:117:in `value_object'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:233:in `column_content'
[446bb080-58ef-4910-858d-1f336a1e7585] plugins/additional_tags/lib/additional_tags/patches/queries_helper_patch.rb:20:in `column_content_with_tags'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:36
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:35:in `each'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:35
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/issues_helper.rb:44:in `block in grouped_issue_list'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:172:in `block in grouped_query_results'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:157:in `each'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:157:in `grouped_query_results'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/issues_helper.rb:39:in `grouped_issue_list'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:21
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:4
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/index.html.erb:32
[446bb080-58ef-4910-858d-1f336a1e7585] app/controllers/issues_controller.rb:56:in `block (2 levels) in index'

The changes in Redmine's model were introduced in this revision related to a security issue fixed in the 4.2.7 release.