views_update_6001 appends the string "-block_1" to all blocks generated by views. Unfortunately, it doesn't consider what will happen to blocks that have long names: they will exceed the 32 char limit of the delta variable, leading to various problems.

What happens is that you append "-block_1" without checking the length of the variable. On MySQL at least, strings larger than 32 chars will simply be cut off at the 32 char limit. You'll then get something like "VeryLong...Name-blo". Later on, when I load my views, a new entry in blocks is generated with a md5sum sum. However, this new entry doesn't get the information from my pervious block (e.g. on which pages it should be displayed). In addition to this cut-off, what can also happen is that the new string (with "-block_1") can be 32 bytes exactly, leading views to think that it's an md5sum (but it cannot find it in its hash and will generate a new entry).

The solution is probably to look for blocks that have lenght(delta) >= 24 and convert them to md5sum directly in views_update_6001().

CommentFileSizeAuthor
#4 views-update-ret.patch411 bytesHidehisa
#2 723454-md5.patch1.18 KBdawehner
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented

That solution sounds right. Would anybody like to roll a patch to do this?

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented
Status: Active » Needs review
FileSize
723454-md5.patch1.18 KB

Here is a patch

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented
Status: Needs review » Fixed

Committed! Thanks for the patch!

Hidehisa’s picture

Hidehisa CreditAttribution: Hidehisa commented
Version: 6.x-2.8 » 6.x-2.11
Component: block displays » Code
Status: Fixed » Needs review
FileSize
views-update-ret.patch411 bytes

723454-md5.patch brought another issue for updater because it uses

update_sql($ret, "UPDATE {blocks} SET delta = '$new' WHERE bid = $block->bid");

where it shoud be

$ret[] = update_sql("UPDATE {blocks} SET delta = '$new' WHERE bid = $block->bid");

I tried to upgrade from Drupal 5.x to 6.x and got quite a lot of errors.

here is a patch.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented
Status: Needs review » Reviewed & tested by the community

Oh

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented
Status: Reviewed & tested by the community » Fixed

Fixed in 6.x branches. I don't think this applies to 7.x at all.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

NancyDru’s picture

NancyDru
she/her/hers
Primary language English
Location Boston
CreditAttribution: NancyDru commented
Priority: Critical » Major
Status: Closed (fixed) » Active

I installed 6.x-2.12 and this error is still present.

Manually applying the patch from #4 fixes it. There are going to be many latecomers to the 5->6 migration now that 7 is out. This really needs to get in.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented
Status: Active » Fixed

It was commited against 6.11, so it's not part of 6.12, because 6.12 was a security-only release.

If you tryout the dev version of 6.x-2.x you will be able to see that it's there.

NancyDru’s picture

NancyDru
she/her/hers
Primary language English
Location Boston
CreditAttribution: NancyDru commented

??? Guess there is even more of Views that I don't understand.

Oh, yikes, that means I have to go to the CIO to get permission to use a -dev. And they probably won't let the site go live with it. Government!!! Maybe I should just not tell them I fixed it manually.

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented

It was only recently possible to make security specific releases.

Typically maintainers will make 2 releases like this; one with just the security patch, one with the full -dev. However, I wasn't prepared to release the full -dev. I have not yet had the time to ensure that the -dev is as solid as 2.11 is, and I'm tired of being burned by something major and stupid that I missed that I should not have. So I'm being very slow about releasing 2.13 until I am able to spend the time necessary to do it right.

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented

Perhaps what you should do is use 2.11 and this patch to correct the one problem.

NancyDru’s picture

NancyDru
she/her/hers
Primary language English
Location Boston
CreditAttribution: NancyDru commented

I understand. It's not like Views is only used by a handful of people.

I didn't even realize that a security specific release was possible. I need to get more details on that because I have an SA to deal with.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

crozilla’s picture

crozilla CreditAttribution: crozilla commented

Not seeing the dev version anywhere, just the 6.x-2.12 one. Little help?

merlinofchaos’s picture

merlinofchaos CreditAttribution: merlinofchaos commented

Click on view all releases; its' on the last page.