Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 568945

Summary: Bugzilla search does not correctly work - You don't have permission to access /bugs/buglist.cgi on this server.
Product: Community Reporter: Marco Descher <marco>
Component: BugzillaAssignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: denis.roy
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Mac OS X   
Whiteboard:

Description Marco Descher CLA 2020-11-19 01:39:40 EST 
When searching e.g. using https://bugs.eclipse.org/bugs/buglist.cgi?quicksearch=swt+list+prevent+selection 

I only receive a page showing

Forbidden

You don't have permission to access /bugs/buglist.cgi on this server.

See https://twitter.com/MarcoDescher/status/1329044502770835457 for a screenshot
Comment 1 Denis Roy CLA 2020-11-19 14:34:50 EST 
A few weeks ago, Bugzilla was being hit with a substantial SQL injection attack. Although the attack didn't lead to any leaks, it did cause substantial churn on the database, to the point where there was a denial of service.  In all instances, the attack was against buglist.cgi.*SELECT

In your case, the innocent word "selection" is triggering that.

I'll look through Bugzilla logs to see if this is still an issue for us.
Comment 2 Marco Descher CLA 2020-11-19 14:43:16 EST 
Thanks for the explanation!! thumbs up!
Comment 3 Denis Roy CLA 2020-11-19 14:57:48 EST 
I'e submitted a patch that will allow your search to go through but catch all the nonesense. It should be live in about one hour. Apologies for the inconvenience.
Comment 4 Marco Descher CLA 2020-11-20 04:02:23 EST 
For my search it works now, thank you!