-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
my $self = shift();
my ($bug_id, $user_id) = (@_);
-
- if ( (! defined $bug_id) || (!$bug_id) ) {
- # no bug number given
- return {};
+ my $old_bug_id = $bug_id;
+ if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
+ # no bug number given
+ $self->{'bug_id'} = $old_bug_id;
+ $self->{'error'} = "InvalidBugId";
+ return $self;
}
# default userid 0, or get DBID if you used an email address
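Review bot: The comment `# no bug number given` above the new branch no longer describes it, because the added `!&::detaint_natural($bug_id)` clause also sends non-numeric values here; `# no bug number given, or not a natural number` would cover all three conditions. The raw user value is deliberately preserved in `$self->{'bug_id'}` for the error object, so whatever serialises this object (not visible here) must escape it before emitting it in XML or HTML — it is still tainted and attacker-controlled. The `&::detaint_natural(...)` call form works, but `::detaint_natural($bug_id)` is the conventional spelling. The enclosing method starts before this hunk.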
-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
my $self = shift();
my ($bug_id, $user_id) = (@_);
-
- if ( (! defined $bug_id) || (!$bug_id) ) {
- # no bug number given
- return {};
+ my $old_bug_id = $bug_id;
+ if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
+ # no bug number given
+ $self->{'bug_id'} = $old_bug_id;
+ $self->{'error'} = "InvalidBugId";
+ return $self;
}
# default userid 0, or get DBID if you used an email address
-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
sub ParseUrlString {
+ # We don't want to detaint the user supplied data...
+ use re 'taint';
+
my ($buffer, $f, $m) = (@_);
undef %$f;
undef %$m;
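Review bot: `use re 'taint'` keeps the captured field values tainted, but the field names end up as keys of `%$f` and `%$m`, and Perl never carries taint on hash keys, so any caller that iterates `keys %::FORM` receives untainted, attacker-chosen strings. That limitation belongs next to the pragma, e.g. `# NOTE: hash keys are never tainted, so field *names* (keys of %$f/%$m) must still be validated by the caller`. The function continues past the end of this hunk.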
$name = $item;
$value = "";
}
+
if ($value ne "") {
if (defined $f->{$name}) {
$f->{$name} .= $value;
}
}
-
sub ProcessFormFields {
my ($buffer) = (@_);
return ParseUrlString($buffer, \%::FORM, \%::MFORM);
# Validates and verifies a bug ID, making sure the number is a
# positive integer, that it represents an existing bug in the
# database, and that the user is authorized to access that bug.
+ # We detaint the number here, too
- my ($id) = @_;
-
- # Make sure the bug number is a positive integer.
- # Whitespace can be ignored because the SQL server will ignore it.
- $id =~ /^\s*([1-9][0-9]*)\s*$/
+ $_[0] = trim($_[0]); # Allow whitespace arround the number
+ detaint_natural($_[0])
|| DisplayError("The bug number is invalid. If you are trying to use " .
"QuickSearch, you need to enable JavaScript in your " .
"browser. To help us fix this limitation, look " .
"<a href=\"http://bugzilla.mozilla.org/show_bug.cgi?id=70907\">here</a>.")
&& exit;
+ my ($id) = @_;
+
# Get the values of the usergroupset and userid global variables
# and write them to local variables for use within this function,
# setting those local variables to the default value of zero if
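Review bot: Assigning to `$_[0]` makes ValidateBugID write back through the alias into the caller's variable, so passing a literal or a read-only capture such as `$1` dies with "Modification of a read-only value attempted"; the contract should be stated above the sub, e.g. `# Detaints the bug ID in place: the argument must be a modifiable variable, not a literal or $1` (the process_bug change in this commit copies `$1` into `my $id` for exactly this reason). The error path still relies on `DisplayError(...) && exit`, which only exits if DisplayError returns a true value; if that is not guaranteed, `|| do { DisplayError(...); exit; }` is safer than continuing with an unvalidated id. Also `arround` → `around` in the new comment. The sub's body continues past this hunk.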
$::COOKIE{"Bugzilla_login"} = $loginname; # Makes sure case
# is in
# canonical form.
+ # We've just verified that this is ok
+ detaint_natural($::COOKIE{"Bugzilla_logincookie"});
} else {
$::disabledreason = $disabledtext;
}
if (defined $ENV{"HTTP_COOKIE"}) {
+ # Don't trust anything which came in as a cookie
+ use re 'taint';
foreach my $pair (split(/;/, $ENV{"HTTP_COOKIE"})) {
$pair = trim($pair);
if ($pair =~ /^([^=]*)=(.*)$/) {
-#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
# Include the Bugzilla CGI and general utility library.
require "CGI.pl";
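Review bot: `use lib qw(.)` prepends the process's current working directory, not the script's own directory, to `@INC`, so `require "CGI.pl"` resolves relative to wherever the interpreter was started; under the web server that is normally the script directory, but an invocation from another directory loads a different (or no) `CGI.pl`, and a writable cwd would let a local user shadow every library. Presumably this was added because taint mode ignores `PERL5LIB`/`PERLLIB`; record the assumption, e.g. `# Libraries live in the Bugzilla directory, which is the cwd for CGI execution; -T ignores PERL5LIB so add it explicitly`. The same two lines are added to every CGI in this commit and this note applies to all of them.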
sub validateID
{
- # Validate the value of the "id" form field, which must contain a positive
+ # Validate the value of the "id" form field, which must contain an
# integer that is the ID of an existing attachment.
- $::FORM{'id'} =~ /^[1-9][0-9]*$/
+ detaint_natural($::FORM{'id'})
|| DisplayError("You did not enter a valid attachment number.")
&& exit;
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
use Date::Parse;
die "Internal error: $errstr" if $chart < 0;
return Error($errstr);
}
+
+ # This is either from the internal chart (in which case we
+ # already know about it), or it was in %chartfields, so it is
+ # a valid field name, which means that its ok.
+ trick_taint($f);
$q = SqlQuote($v);
my $func;
$term = undef;
foreach my $c (@collist) {
if (exists $::needquote{$c}) {
- push(@fields, "$::key{$c}");
+ # The value we are actually using is $::key{$c}, which was created
+ # using the DefCol() function earlier. We test for the existance
+ # of $::needsquote{$c} to find out if $c is a legitimate key in the
+ # hashes that were defined by DefCol(). If $::needsquote{$c} exists,
+ # then $c is valid and we can use it to look up our key.
+ # If it doesn't exist, then we know the user is screwing with us
+ # and we'll just skip it.
+ trick_taint($c);
+ push(@fields, $::key{$c});
}
}
}
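Review bot: The new comment refers to `$::needsquote{$c}` (twice) but the condition on the line above tests `$::needquote{$c}`; the justification for `trick_taint($c)` should name the hash the code actually checks, otherwise it reads as if validation happened against a different table. Also `existance` → `existence`. The `foreach my $c (@collist)` loop begins before this hunk.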
die "Invalid order: $::FORM{'order'}" unless
$::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
+ $::FORM{'order'} = $1; # detaint this, since we've checked it
# Extra special disgusting hack: if we are ordering by target_milestone,
# change it to order by the sortkey of the target_milestone first.
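Review bot: `$::FORM{'order'} = $1;` launders the whole string after a character-class check, which proves only that it contains no SQL metacharacters, not that each comma-separated token names a column the user is permitted to sort by. If the value is interpolated into an `ORDER BY` further down (not visible here), consider validating each token against the known column list and recording why the alphabet check alone is acceptable, e.g. `# Detaint only: tokens are still matched against the column list below`.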
reporter, target_milestone?, bug_severity, creation_ts, qa_contact?,
status_whiteboard?, op_sys, short_desc?, keywords*, dependson*,
blocks*, cc*, long_desc?, attachment*)>
-<!ATTLIST bug error (NotFound|NotPermitted) #IMPLIED>
+<!ATTLIST bug error (NotFound|NotPermitted|InvalidBugId) #IMPLIED>
<!ELEMENT bug_id (#PCDATA)>
<!ELEMENT short_desc (#PCDATA)>
<!ELEMENT bug_status (#PCDATA)>
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
sub sillyness { # shut up "used only once" warnings
my $zz = @::legal_keywords;
}
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
# Shut up misguided -w warnings about "used only once":
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
use vars %::COOKIE, %::FILENAME;
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
require "defparams.pl";
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
# minus sign).
foreach my $id (@buglist) {
ValidateBugID($id);
- ($::FORM{$id} =~ /^\d+$/)
- || DisplayError("Only use non-negative numbers for your bug votes.")
- && exit;
}
######################################################################
}
SendSQL("delete from votes where who = $who");
foreach my $id (@buglist) {
- if ($::FORM{$id} > 0) {
+ if (detaint_natural($::FORM{$id}) && $::FORM{$id} > 0) {
SendSQL("insert into votes (who, bug_id, count) values ($who, $id, $::FORM{$id})");
}
$affected{$id} = 1;
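Review bot: With the numeric check on `$::FORM{$id}` removed from the validation loop, a malformed or negative vote value no longer produces an error: `detaint_natural` fails, the `if` is skipped, and because `delete from votes where who = $who` has already run above the loop, that bug's existing vote is silently discarded. If that is intended, say so: `# Non-numeric or negative values are treated as 0 (the vote is dropped)`; otherwise reject them with an error before the delete, as the previous check did. The interpolated `$id` and `$who` are assumed detainted earlier (ValidateBugID runs on each id in the first loop; `$who`'s origin is outside the hunk).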
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use strict;
use CGI "param";
use AnyDBM_File;
+
+use lib qw(.);
+
require "globals.pl";
require "CGI.pl";
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". "use vars" just
}
}
+# This is from the perlsec page, slightly modifed to remove a warning
+# From that page:
+# This function makes use of the fact that the presence of
+# tainted data anywhere within an expression renders the
+# entire expression tainted.
+# Don't ask me how it works...
+sub is_tainted {
+ return not eval { my $foo = join('',@_), kill 0; 1; };
+}
+
sub SendSQL {
my ($str, $dontshadow) = (@_);
+
+ # Don't use DBI's taint stuff yet, because:
+ # a) We don't want out vars to be tainted (yet)
+ # b) We want to know who called SendSQL...
+ # Is there a better way to do b?
+ if (is_tainted($str)) {
+ die "Attempted to send tainted string to the database";
+ }
+
my $iswrite = ($str =~ /^(INSERT|REPLACE|UPDATE|DELETE)/i);
if ($iswrite && !$::dbwritesallowed) {
die "Evil code attempted to write stuff to the shadow database.";
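Review bot: The comment gives "we want to know who called SendSQL" as the reason for checking here, but a bare `die` reports the line inside SendSQL, not the caller; `Carp::confess("Attempted to send tainted string to the database")` (core `Carp`) gives the full stack, or at minimum include `(caller)[1,2]` in the message. `is_tainted` works because Perl's taint flag is per statement — reading the tainted `join` result in the same statement as `kill 0` makes `kill` throw under -T — which is what the "Don't ask me how it works" comment should say. The `eval` also clobbers the caller's `$@`, so add `local $@;` as the first line of `is_tainted`.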
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". "use vars" just
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+
+use lib qw(.);
+
use Bug;
require "CGI.pl";
$::lockcount = 0;
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". For some reason,
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
my $UserInEditGroupSet = -1;
my $UserInCanConfirmGroupSet = -1;
+use lib qw(.);
+
require "CGI.pl";
use RelationSet;
%::legal_opsys,
%::legal_platform,
%::legal_priority,
+ %::settable_resolution,
%::target_milestone,
%::legal_severity,
%::superusergroupset;
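Review bot: The entry added here is `%::settable_resolution`, but the value consumed later in this commit is `\@::settable_resolution`, an array. If this list only exists to silence "used only once" warnings it still works, because that warning is keyed on the glob name rather than the sigil, but the mismatch will mislead the next reader; use `@::settable_resolution`. The enclosing statement starts before the hunk.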
# This list will either consist of a single bug number from the "id"
# form/URL field or a series of numbers from multiple form/URL fields
# named "id_x" where "x" is the bug number.
+# For each bug being modified, make sure its ID is a valid bug number
+# representing an existing bug that the user is authorized to access.
my @idlist;
if (defined $::FORM{'id'}) {
+ ValidateBugID($::FORM{'id'});
push @idlist, $::FORM{'id'};
} else {
foreach my $i (keys %::FORM) {
if ($i =~ /^id_([1-9][0-9]*)/) {
- push @idlist, $1;
+ my $id = $1;
+ ValidateBugID($id);
+ push @idlist, $id;
}
}
}
|| DisplayError("You did not select any bugs to modify.")
&& exit;
-# For each bug being modified, make sure its ID is a valid bug number
-# representing an existing bug that the user is authorized to access.
-foreach my $id (@idlist) {
- ValidateBugID($id);
-}
-
# If we are duping bugs, let's also make sure that we can change
# the original. This takes care of issue A on bug 96085.
if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
my ($str) = (@_);
if ($str ne $::dontchange) {
DoComma();
- $::query .= "resolution = '$str'";
+ $::query .= "resolution = " . SqlQuote($str);
}
}
last SWITCH;
};
/^resolve$/ && CheckonComment( "resolve" ) && do {
+ # Check here, because its the only place we require the resolution
+ CheckFormField(\%::FORM, 'resolution', \@::settable_resolution);
ChangeStatus('RESOLVED');
ChangeResolution($::FORM{'resolution'});
last SWITCH;
foreach my $i (split('[\s,]+', $::FORM{$target})) {
if ($i eq "") {
next;
+ }
+ my $orig = $i;
+ if (!detaint_natural($i)) {
+ PuntTryAgain("$orig is not a legal bug number");
}
+
+ # Don't use CanSeeBug, since we want to keep deps to bugs a
+ # user can't see
SendSQL("select bug_id from bugs where bug_id = " .
SqlQuote($i));
my $comp = FetchOneColumn();
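Review bot: `PuntTryAgain("$orig is not a legal bug number")` interpolates the raw form value into the message; if PuntTryAgain emits its argument as HTML without escaping (not visible here), that is a reflected script-injection path, so pass `$orig` through the file's HTML-quoting helper first or escape inside PuntTryAgain. The `# Don't use CanSeeBug` comment is helpful; consider adding that the existence check below therefore reveals only whether a bug id exists, not its contents. The `foreach my $i` loop body continues past the hunk.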
my @stack = @{$deps{$target}};
while (@stack) {
my $i = shift @stack;
- SendSQL("select $target from dependencies where $me = $i");
+ SendSQL("select $target from dependencies where $me = " .
+ SqlQuote($i));
while (MoreSQLData()) {
my $t = FetchOneColumn();
if ($t == $id) {
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use strict;
use vars ( %::FORM );
+use lib qw(.);
+
require "CGI.pl";
print "Content-type: text/html\n\n";
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use vars %::COOKIE;
+use lib qw(.);
+
require "CGI.pl";
my $cookiepath = Param("cookiepath");
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
eval "use GD";
my $use_gd = $@ ? 0 : 1;
eval "use Chart::Lines";
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
use vars %::FORM;
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
if (!defined $::FORM{'attach_id'}) {
quietly_check_login();
-if ($::FORM{attach_id} !~ /^[1-9][0-9]*$/) {
+if (!detaint_natural($::FORM{attach_id})) {
DisplayError("Attachment ID should be numeric.");
exit;
}
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
# Cleanup any old .dot files created from previous runs.
my $since = time() - 24 * 60 * 60;
foreach my $f (glob("data/webdot/*.dot")) {
+ # Here we are deleting all old files. All entries are from the
+ # data/webdot/ directory. Since we're deleting the file (not following
+ # symlinks), this can't escape to delete anything it shouldn't
+ trick_taint($f);
if (ModTime($f) < $since) {
unlink $f;
}
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
# Make sure the user ID is a positive integer representing an existing user.
if (defined $::FORM{'user'}) {
- $::FORM{'user'} =~ /^([1-9][0-9]*)$/
+ detaint_natural($::FORM{'user'})
|| DisplayError("The user number is invalid.")
&& exit;
SendSQL("SELECT 1 FROM profiles WHERE userid = $::FORM{'user'}");
}
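Review bot: The comment above still promises a "positive integer", but `detaint_natural` presumably accepts `0` and leading zeros — the validateID comment change elsewhere in this commit ("an integer") suggests as much — so a `user` value of `0` or `007` now reaches `SELECT 1 FROM profiles WHERE userid = ...`. That is harmless if the query result is checked below, but align the comment with the check: `# Make sure the user ID is a natural number (detainted here) representing an existing user.`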
my $file_line1 = <FILE>;
close (FILE);
+
+ $file =~ m/.*\.(.*)/;
+ my $ext = $1;
+
if ($file_line1 !~ /\/usr\/bonsaitools\/bin\/perl/) {
ok(1,"$file does not have a shebang");
} else {
- if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -w#) {
- ok(1,"$file uses -w");
+ my $flags;
+ if ($file eq "processmail") {
+ # special case processmail, which is tainted checked
+ $flags = "wT";
+ } elsif (!defined $ext || $ext eq "pl") {
+ # standalone programs (eg syncshadowdb) aren't taint checked yet
+ $flags = "w";
+ } elsif ($ext eq "pm") {
+ ok(0, "$file is a module, but has a shebang");
+ next;
+ } elsif ($ext eq "cgi") {
+ # cgi files must be taint checked, but only the user-accessible
+ # ones have been checked so far
+ if ($file =~ m/^edit/) {
+ $flags = "w";
+ } else {
+ $flags = "wT";
+ }
+ } else {
+ ok(0, "$file has shebang but unknown extension");
+ next;
+ }
+
+ if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -$flags#) {
+ ok(1,"$file uses -$flags");
} else {
- ok(0,"$file is MISSING -w --WARNING");
+ ok(0,"$file is MISSING -$flags --WARNING");
}
}
}
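Review bot: `$file =~ m/.*\.(.*)/; my $ext = $1;` is unreliable when the match fails, because Perl leaves `$1` at whatever the last successful match in scope set, so an extensionless file such as `processmail` may inherit an extension and the `!defined $ext` branch is not guaranteed to run. Capture in list context instead, `my ($ext) = $file =~ m/\.([^.\/]+)$/;`, which yields undef on failure and also stops `old/processmail` being taken as the extension of a path like `Bugzilla.old/processmail`. The `m#... -$flags#` test is unanchored, so `-wT` satisfies an expected `-w`; acceptable, but worth a one-line comment. The enclosing loop starts before the hunk.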
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
# Include the Bugzilla CGI and general utility library.
require "CGI.pl";
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
use RelationSet;
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
use diagnostics;
use strict;
+
+use lib qw(.);
+
use Bug;
require "CGI.pl";
-if (!defined $::FORM{'id'} || $::FORM{'id'} !~ /^\s*\d+(,\d+)*\s*$/) {
+if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
print "Content-type: text/html\n\n";
PutHeader("Display as XML");
print "<FORM METHOD=GET ACTION=\"xml.cgi\">\n";
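Review bot: Dropping the `/^\s*\d+(,\d+)*\s*$/` check means this script no longer rejects a malformed `id` list itself; every consumer of `$::FORM{'id'}` must now go through the per-id `detaint_natural` path (the Bug.pm change in this commit), and any other use of the raw value in this script — e.g. echoing it into the page — has to cope with arbitrary text. Make the contract explicit: `# Only presence is checked here; each id is validated when the Bug object is built`.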