fix for 49063: no sanity checking when setting duplicate. sanity checking

is done for the dup id field, but not for the originating bug id.
now checks to see if the original bug id is valid as well, although i don't
understand how this could get corrupted in the first place

diff --git a/process_bug.cgi b/process_bug.cgi
index 11cd5b3ecc423c3a1e00383ceb5f3ac426692b91..3664e427f6a10d4dae0c68fb7ba6e6df3c873906 100755 (executable)
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -528,6 +528,13 @@ SWITCH: for ($::FORM{'knob'}) {
                          "make sense to mark a bug as a duplicate of " .
                          "itself, does it?");
         }
+        my $checkid = trim($::FORM{'id'});
+        SendSQL("SELECT bug_id FROM bugs where bug_id = " .  SqlQuote($checkid));
+        $checkid = FetchOneColumn();
+        if (!$checkid) {
+            PuntTryAgain("The bug id $::FORM{'id'} is invalid. Please reload this bug ".
+                         "and try again.");
+        }
         AppendComment($num, $::FORM{'who'}, "*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***");
         if ( Param('strictvaluechecks') ) {
           CheckFormFieldDefined(\%::FORM,'comment');