So. User bago creates a placeholder project and names it "zero". It puts "0" as the "Full project name", which causes validation of the rest of the form to be bypassed:

function cvs_nodeapi(&$node, $op, $arg = NULL) {
  if ($node->type == 'project_project') {
    switch ($op) {
[...]
      case 'validate':
        if ($node->title) {
           // Do the validation
           [...]
        }
    }
  }
}

The project is saved with an empty "cvs directory", and all the files on drupal.org got reassigned to the zero project:

db_query("UPDATE {cvs_files} SET nid = %d WHERE rid = %d AND file LIKE '%s%%'", $node->nid, $node->cvs['repository'], $node->cvs['directory']);

Hilarity ensues.

Comments

damien tournoud’s picture

damien tournoud commented

Committed http://drupal.org/cvs?commit=262966 as a stop gap solution.

damien tournoud’s picture

damien tournoud commented

Here is what I ran to fix the files ownership:

  $res = db_query('SELECT nid, rid, directory FROM {cvs_projects} WHERE rid = 2');
  while ($project = db_fetch_object($res)) {
    db_query("UPDATE {cvs_files} SET nid = %d WHERE rid = %d AND file LIKE '%s%%'", $project->nid, $project->rid, $project->directory);
  }

Followed by:

UPDATE cvs_files SET nid = 0 WHERE nid = 577366;

(the zero project had no code)

bago’s picture

bago commented

Cool! Sorry for hitting the bug and I'm happy it served to find and fix a bug without creating major issues!
@Damien I also wrote you about "policies" but I understand this was not about policy but about a bug in d.o. code.

damien tournoud’s picture

damien tournoud commented
Project: Drupal.org infrastructure » CVS integration
Version: » 6.x-1.x-dev
Component: CVS » Code

Moving to the CVS queue. There is no need for this to rotten in the infrastructure queue anymore, the issue on drupal.org has been fixed.