Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
4.1.1, 5.2.11
-
4.01
-
2
-
Severity 2 - Major
-
1
-
Description
In the doValidation() method of the AddProject action, it validates the creating of the project and the updating of the project schemes, but does not validate the updating of the project to update the avatar id. When it goes to the execute method, the following code is called:
final ProjectService.UpdateProjectValidationResult updateProjectValidationResult =
projectService.validateUpdateProject(getRemoteUser(), getName(), getKey(), getDescription(), getLead(),
getUrl(), getAssigneeType(), getAvatarId());
projectService.updateProject(updateProjectValidationResult);
But that validation result, which was not checked in the doValidation() method (obviously because its a project update, you can't validate the project update before the project has been created), is never checked. If validation failed, the projectService.updateProject() call will throw an exception.
I don't know what would cause the validation to fail, what I do know is that two months ago a Studio customer had just that happen to them, according to the logs:
@400000004b97c4ad087c9d74 java.lang.IllegalStateException: You can not update a project with an invalid validation result. @400000004b97c4ad087ca15c at com.atlassian.jira.bc.project.DefaultProjectService.updateProject(DefaultProjectService.java:212) @400000004b97c4ad087ca544 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) @400000004b97c4ad087cf364 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) @400000004b97c4ad087cf74c at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) @400000004b97c4ad087cfb34 at java.lang.reflect.Method.invoke(Method.java:592) @400000004b97c4ad087cff1c at com.atlassian.jira.ProxyAdapter$ProxiedComponentInvocationHandler.invoke(ProxyAdapter.java:167) @400000004b97c4ad087d1a74 at $Proxy263.updateProject(Unknown Source) @400000004b97c4ad087d1e5c at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) @400000004b97c4ad087d2244 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) @400000004b97c4ad087d262c at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) @400000004b97c4ad087d4d3c at java.lang.reflect.Method.invoke(Method.java:592) @400000004b97c4ad087d4d3c at com.atlassian.plugin.osgi.hostcomponents.impl.DefaultComponentRegistrar$ContextClassLoaderSettingInvocationHandler.invoke(DefaultComponentRegistrar.java:129) @400000004b97c4ad087d550c at $Proxy263.updateProject(Unknown Source) @400000004b97c4ad087d58f4 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) @400000004b97c4ad087d7064 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) @400000004b97c4ad087d744c at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) @400000004b97c4ad087d7834 at java.lang.reflect.Method.invoke(Method.java:592) @400000004b97c4ad087d7c1c at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:150) @400000004b97c4ad087d938c at $Proxy263.updateProject(Unknown Source) @400000004b97c4ad087d9774 at com.atlassian.jira.web.action.project.AddProject.doExecute(AddProject.java:93)
It would appear to me that validation of the avatarId parameter is not being done when it should.
Attachments
Issue Links
- is related to
-
JRASERVER-27418 Deleting used project avatar renders JIRA unusable
- Gathering Impact