Daniel Holbert [:dholbert] Reporter
	Description • 7 years ago

STR:
 1. Visit this link, in a fresh profile:
https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=SVG

 2. Click the "Sign in with GitHub" button

ACTUAL RESULTS:
You get taken to an error page:
> Bugzilla has suffered an internal error:
> Bugzilla prevented you from logging in from a page
> containing private information.

EXPECTED RESULTS:
I should've been redirected to the GitHub login form.


This works correctly from pages like
 https://bugzilla.mozilla.org/enter_bug.cgi
...but not if I try to pre-enter the product & component like:
 https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=SVG


I'm guessing this is some "did you accidentally give us your github username/password" logic, which has gone haywire/extra-severe?

	Daniel Holbert [:dholbert] Reporter
	Comment 1 • 7 years ago

Background: I just got an emailed report of an SVG bug, and I replied asking the person to file a bug at this URL:
 https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=SVG
...and I told them they could even log in with a GitHub-login-flow if they don't want to bother creating a Bugzilla account. (intending to save them a little time / mental burden)

Little did I know, this turned out to actually be a footgun. :D hence, this bug.

	Dylan Hardison [:dylan] (he/him)
	Comment 2 • 7 years ago

So the fellow that ported this to upstream actually pointed this out last week, we're matching against the 't' in component there.
It'll be fixed next push.

	Daniel Holbert [:dholbert] Reporter
	Comment 5 • 7 years ago

Wow! Was not expecting to see a patch before I could even capture & attach a screencast. :D

Thanks!

	Dylan Hardison [:dylan] (he/him)
	Comment 6 • 7 years ago

Comment on attachment 8935933 [details] [review]
PR

r=dkl

	Daniel Holbert [:dholbert] Reporter
	Comment 7 • 7 years ago

Verified fixed. STR now take me to a github login page, as expected. Thanks!