#3131 closed defect (fixed)
The use of env as a global variable in dbhelper.py looks dangerous
| Reported by: | Owned by: | Russ Tyndall | |
|---|---|---|---|
| Priority: | highest | Component: | TimingAndEstimationPlugin |
| Severity: | critical | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
Unless I'm missing something the way dbhelper.py stores the env in a global variable is really unsafe. With thread based frontends like tracd or fastcgi this global variable can at anytime be modified by another thread to point to another environment. And this can cause the wrong database to be modified.
Attachments (0)
Change History (4)
comment:1 Changed 16 years ago by
comment:2 Changed 16 years ago by
| Priority: | normal → highest |
|---|---|
| Severity: | normal → critical |
I have this patched, but am going to wait till I can test everything in the morning before publishing this.
Thanks again,
Russ
comment:3 Changed 16 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:4 Changed 16 years ago by
(In [3785]) closes #3131
closes #3074
T&E(trac 10) 0.6.6
I brought the trac 10 branch up to the same version number of the plugin so that hopefully there is less confusion on my part about versions.
Fixes horrible bug relating to database access (due to my misunderstanding of which things were stateful in trac/python).
Fixed some bugs in the way billable values were being compared in the reports file (strong vs weak typed databases)
I hadnt realized that when I wrote it. I will attempt to fix this very soon.