cat-in-136/redmine_hearts

500 error occurred at redmine 4.2.9

Closed this issue · 1 comments

y-maeda-tgi commented

Thanks for providing a nice plugin.

I upgraded my Redmine version from 4.2.0 to 4.2.9, and an error occurred.
I did the following steps in Redmine 4.2.9.

  1. open "Issues"
  2. open "Options"
  3. move the "Like" clolumn from "Available Columns" to "Selected Columns"
  4. click "Apply"
  5. 500 error message is displayed

Checking the log, the following message was output.

$ cat /var/log/redmine/redmine/production.log | grep -A 25 "Internal Server Error" 
Completed 500 Internal Server Error in 828ms (ActiveRecord: 134.4ms)

NoMethodError (undefined method `visible?' for #<ActiveRecord::Associations::CollectionProxy []>):

app/models/query.rb:119:in `value_object'
app/helpers/queries_helper.rb:273:in `csv_content'
app/helpers/queries_helper.rb:313:in `block (3 levels) in query_to_csv'
app/helpers/queries_helper.rb:313:in `map'
app/helpers/queries_helper.rb:313:in `block (2 levels) in query_to_csv'
app/helpers/queries_helper.rb:312:in `each'
app/helpers/queries_helper.rb:312:in `block in query_to_csv'
lib/redmine/export/csv.rb:44:in `generate'
lib/redmine/export/csv.rb:26:in `generate'
app/helpers/queries_helper.rb:308:in `query_to_csv'
app/controllers/issues_controller.rb:70:in `block (2 levels) in index'
app/controllers/issues_controller.rb:49:in `index'
plugins/redmine_issues_tree/lib/redmine_issues_tree/issues_controller_patch.rb:33:in `index'
lib/redmine/sudo_mode.rb:61:in `sudo_mode'
Started GET "/my-redmine/" for 127.0.0.1 at 2023-03-09 10:54:39 +0900

Comparing app/models/query.rb between version 4.2.0 and 4.2.9, the following differences were found.

-    if assoc = object.send(@association)
+    assoc = object.send(@association)
+    if assoc && assoc.visible?
gagnieray commented

I can reproduce this issue with Redmine 5.0.5 :

I, [2023-03-24T18:06:13.753493 #3673929]  INFO -- : [446bb080-58ef-4910-858d-1f336a1e7585] Completed 500 Internal Server Error in 339ms (ActiveRecord: 52.8ms | Allocations: 27607)
F, [2023-03-24T18:06:13.777440 #3673929] FATAL -- : [446bb080-58ef-4910-858d-1f336a1e7585]   
[446bb080-58ef-4910-858d-1f336a1e7585] ActionView::Template::Error (undefined method `visible?' for #<ActiveRecord::Associations::CollectionProxy []>):
[446bb080-58ef-4910-858d-1f336a1e7585]     33:   <% end %>
[446bb080-58ef-4910-858d-1f336a1e7585]     34:   <tr id="issue-<%= issue.id %>" class="hascontextmenu <%= cycle('odd', 'even') %> <%= issue.css_classes %> <%= level > 0 ? "idnt idnt-#{level}" : nil %>">
[446bb080-58ef-4910-858d-1f336a1e7585]     35:     <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", issue.id, false, :id => nil) %></td>
[446bb080-58ef-4910-858d-1f336a1e7585]     36:     <% query.inline_columns.each do |column| %>
[446bb080-58ef-4910-858d-1f336a1e7585]     37:     <%= content_tag('td', column_content(column, issue), :class => column.css_classes) %>
[446bb080-58ef-4910-858d-1f336a1e7585]     38:     <% end %>
[446bb080-58ef-4910-858d-1f336a1e7585]     39:     <td class="buttons"><%= link_to_context_menu %></td>
[446bb080-58ef-4910-858d-1f336a1e7585]   
[446bb080-58ef-4910-858d-1f336a1e7585] app/models/query.rb:117:in `value_object'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:233:in `column_content'
[446bb080-58ef-4910-858d-1f336a1e7585] plugins/additional_tags/lib/additional_tags/patches/queries_helper_patch.rb:20:in `column_content_with_tags'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:36
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:35:in `each'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:35
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/issues_helper.rb:44:in `block in grouped_issue_list'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:172:in `block in grouped_query_results'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:157:in `each'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/queries_helper.rb:157:in `grouped_query_results'
[446bb080-58ef-4910-858d-1f336a1e7585] app/helpers/issues_helper.rb:39:in `grouped_issue_list'
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:21
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/_list.html.erb:4
[446bb080-58ef-4910-858d-1f336a1e7585] app/views/issues/index.html.erb:32
[446bb080-58ef-4910-858d-1f336a1e7585] app/controllers/issues_controller.rb:56:in `block (2 levels) in index'

The changes in Redmine's model were introduced in this revision related to a security issue fixed in the 4.2.7 release.

  • 👍2