method_lookup drops session info

Bug #1350457 reported by Mike Rylander on 2014-07-30
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenSRF
High
Unassigned

Bug Description

In the process of looking up a method for an internal subrequest, we lose session info. This is a problem when the subrequest makes a remote request, because then the subrequest can't look up the proper locale, among other things. The forthcoming branch passes the caller's session to the subrequest.

Galen Charlton (gmc) wrote :

Pushed to master. Thanks, Mike!

Changed in opensrf:
status: New → Fix Committed
Galen Charlton (gmc) wrote :

Ended up having to revert. Since method_lookup() can be called as a class method, adding '&& ref($self)' to line 562 Application.pm was needed. While this fixed an issue calling ordinary methods, it didn't suffice for opensrf.system.method.all (i.e., introspection), apparently because of a data-structure cycle.

Changed in opensrf:
status: Fix Committed → New
tags: removed: pullrequest
Mike Rylander (mrylander) wrote :

I've updated the branch to protect json-ification of method objects (used during introspection and remote method lookup) from accessing and including known-dangerous object members -- session, in this case. Leaving pullrequest off until someone else can point eyeballs at it.

Ben Shum (bshum) on 2014-11-04
Changed in opensrf:
milestone: 2.4.0-alpha → 2.4.0
Ben Shum (bshum) on 2015-02-05
Changed in opensrf:
milestone: 2.4.0 → 2.4.1
Galen Charlton (gmc) on 2016-02-04
Changed in opensrf:
milestone: 2.4.1 → 2.4.2
tags: added: pullrequest
Galen Charlton (gmc) wrote :

I've pushed a squash of your patches along with a test case. Thanks, Mike!

Changed in opensrf:
status: New → Fix Committed
Changed in opensrf:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers