Bug 355230: [PostgreSQL] Crash if sharer_id is not an integer - Patch by Frédéric...
authorlpsolit%gmail.com <>
Thu, 5 Oct 2006 02:47:28 +0000 (02:47 +0000)
committerlpsolit%gmail.com <>
Thu, 5 Oct 2006 02:47:28 +0000 (02:47 +0000)
buglist.cgi
template/en/default/global/user-error.html.tmpl

index d226ec8a88fc31196122737d2cab6cf09a975129..44565f1af9d067caa8c356d1877ad567907c3970 100755 (executable)
@@ -221,8 +221,9 @@ sub LookupNamedQuery {
     $name || ThrowUserError("query_name_missing");
     trick_taint($name);
     if ($sharer_id) {
-        trick_taint($sharer_id);
         $owner_id = $sharer_id;
+        detaint_natural($owner_id);
+        $owner_id || ThrowUserError('illegal_user_id', {'userid' => $sharer_id});
     }
     else {
         $owner_id = $user->id;
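Review bot: The added `ThrowUserError('illegal_user_id', {'userid' => $sharer_id})` passes the raw, still-tainted `$sharer_id` to the error template, so the `illegal_user_id` message (not visible in this diff) needs to render `userid` with `FILTER html`. If `detaint_natural` only checks that the value is all digits, an over-long digit string would presumably still reach the database as an out-of-range integer, so an upper bound may be needed to fully close the PostgreSQL error this commit targets. As a matter of style, testing the function's return value keeps validation and rejection in one statement: `detaint_natural($owner_id) || ThrowUserError('illegal_user_id', {'userid' => $sharer_id});`. LookupNamedQuery continues outside the hunk.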
index 58eaf5893d9450e0a1aaa895c5a2eda68517578d..3fdc24d4deb0ee5f085d4c941c44929e80c22463 100644 (file)
     [% docslinks = {'query.html' => "Searching for $terms.bugs",
                     'list.html'  => "$terms.Bug lists"} %]
     The search named <em>[% queryname FILTER html %]</em>
-    [% IF sharer_id %]
+    [% IF sharer_id && sharer_id != user.id %]
       has not been made visible to you.
     [% ELSE %]
       does not exist.
   # search from any error call location. %]
 
 [% namedcmd = Bugzilla.cgi.param("namedcmd") %]
+[% sharer_id = Bugzilla.cgi.param("sharer_id") %]
 [% IF namedcmd AND error != "missing_query" 
-               AND error != "saved_search_used_by_whines" %]
+               AND error != "saved_search_used_by_whines"
+               AND !sharer_id %]
   <p>  
     Alternatively, you can    
     <a href="buglist.cgi?cmdtype=dorem&amp;remaction=forget&amp;namedcmd=
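Review bot: The added `[% sharer_id = Bugzilla.cgi.param("sharer_id") %]` reuses the name `sharer_id`, which the `missing_query` message earlier in this file tests as a variable apparently supplied by the caller, but here it holds the raw request parameter rather than a validated id. It is only used as a boolean in the `IF` condition, which is safe, but any later output of `sharer_id` in this template would emit unvalidated input unless filtered. A distinct name such as `sharer_id_param`, with a comment like `[%# raw CGI value, used only as a flag; never print unfiltered %]`, would make that explicit. The surrounding markup continues outside the hunk.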