View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003499||HTML & PERL||Bug Report - Interface||public||2021-04-12 08:39||2021-09-06 15:48|
|Platform||Firefox (latest)||OS||Linux||OS Version||Ubuntu 20.4.2|
|Summary||0003499: Error creating CREQ for for entry with 18+ tag leaves DB inconsistent afterwards|
|Description||An attempt to modify the "nudity" content indicator for an entry with adult tags is rejected. In the DB, the "nudity" field is blanked after this, overwriting the old value and not setting the requested one.|
|Steps To Reproduce||Reproduce:|
1. Open https://anidb.net/anime/6083 (Kiss x Sis OVA) in Web Browser
2. Tags -> Add / Edit Tags -> Edit Tags (GUI) -> content indicators
3. Change value of "nudity" content rating from existing 2.x value to 1.5 and add comment
The creation of a CREQ to admin is rejected with this error message:
"* urination - Error: tag is restricted to adult content only "
After this, the "nudity" content rating is blanked, i.e. there is no star. Existing stars are removed and not replaced by the new value. They are just deleted. This way one can hack the site and remove all nudity content ratings.
I won't test further to keep the DB consistent. But this looks like a control flow problem where an error condition
(a) shouldn't occur, why not change non-adult tags / content ratings on an anime with adult tags?
(b) there seem to be side effects with DB modification due to a bug in the error handling
Please change the code so (a) becomes possible and fix (b) to stop this denial of service problem for DB consistency.
|Tags||No tags attached.|
Literally no data is being changed there and how is that a denial of service. Neither of these things applies.
The tga is restricted and you got the appropirate response. Nothing to do here
The word "denial of service" probably was too alarmist, I can't know for sure.
There still is a problem at least in the display. After that error message, no stars were displayed for the changed category anymore in my GUI. The 1.5 stars we see now were manually entered by somebody after my change attempt. I still think the something, be it the actual DB, the display layer whatever, is messed up by triggering the error described.
|2021-04-12 08:39||inim||New Issue|
|2021-04-12 10:14||inim||Summary||Can't create CREQ for approval by admin for entry with 18+ tags => Error creating CREQ for for entry with 18+ tag leaves DB inconsistent afterwards|
|2021-04-20 14:25||DerIdiot||Note Added: 0004466|
|2021-04-28 14:02||inim||Note Added: 0004467|
|2021-09-06 15:48||DerIdiot||Project||AniDB Website => HTML & PERL|