Bug 304044: Missing scalar() for some parameters - Patch by Frédéric Buclin <LpSolit...

diff --git a/chart.cgi b/chart.cgi
index 31f961cacff01d9debe06850a6b314aafb31ac2c..812803199dc18d1b0113c9bb75706b1a2150350d 100755 (executable)
--- a/chart.cgi
+++ b/chart.cgi
@@ -265,9 +265,7 @@ sub plot {
     validateWidthAndHeight();
     $vars->{'chart'} = new Bugzilla::Chart($cgi);
 
-    my $format = &::GetFormat("reports/chart",
-                              "",
-                              $cgi->param('ctype'));
+    my $format = &::GetFormat("reports/chart", "", scalar($cgi->param('ctype')));
 
     # Debugging PNGs is a pain; we need to be able to see the error messages
     if ($cgi->param('debug')) {

diff --git a/post_bug.cgi b/post_bug.cgi
index 0c421b6380346d18acce83cda9eaa135088f6cca..1b5b329db5c68195428a9ceb6292a801feb04eaa 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -269,9 +269,8 @@ foreach my $field ("dependson", "blocked") {
 # Gather the dependency list, and make sure there are no circular refs
 my %deps;
 if (UserInGroup("editbugs")) {
-    %deps = Bugzilla::Bug::ValidateDependencies($cgi->param('dependson'),
-                                                $cgi->param('blocked'),
-                                                undef);
+    %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')),
+                                                scalar($cgi->param('blocked')));
 }
 
 # get current time

diff --git a/process_bug.cgi b/process_bug.cgi
index e92d0f24ea2f36c06cf5654175258e025b5b7e4f..b1b9c8050a4d1811a22ab049e6fcc4663c014674 100755 (executable)
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -1288,8 +1288,8 @@ foreach my $id (@idlist) {
     }   
     if (defined $cgi->param('delta_ts') && $cgi->param('delta_ts') ne $delta_ts)
     {
-        ($vars->{'operations'}) = Bugzilla::Bug::GetBugActivity($cgi->param('id'),
-                                                                $cgi->param('delta_ts'));
+        ($vars->{'operations'}) =
+            Bugzilla::Bug::GetBugActivity($id, $cgi->param('delta_ts'));
 
         $vars->{'start_at'} = $cgi->param('longdesclength');
 
@@ -1310,8 +1310,8 @@ foreach my $id (@idlist) {
     }
 
     # Gather the dependency list, and make sure there are no circular refs
-    my %deps = Bugzilla::Bug::ValidateDependencies($cgi->param('dependson'),
-                                                   $cgi->param('blocked'),
+    my %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')),
+                                                   scalar($cgi->param('blocked')),
                                                    $id);
 
     #
@@ -1335,8 +1335,8 @@ foreach my $id (@idlist) {
     }
 
     if ($cgi->param('comment') || $work_time) {
-        AppendComment($id, $whoid, $cgi->param('comment'),
-                      $cgi->param('commentprivacy'), $timestamp, $work_time);
+        AppendComment($id, $whoid, scalar($cgi->param('comment')),
+                      scalar($cgi->param('commentprivacy')), $timestamp, $work_time);
         $bug_changed = 1;
     }
 

diff --git a/report.cgi b/report.cgi
index e7b94ffc2aa8b21199ac602aaa8cb5b4f1b99856..6effd485eeec812e355c5b2f5bb23d8f72648d29 100755 (executable)
--- a/report.cgi
+++ b/report.cgi
@@ -293,7 +293,7 @@ else {
     ThrowUserError("unknown_action", {action => $cgi->param('action')});
 }
 
-my $format = GetFormat("reports/report", $formatparam, $cgi->param('ctype'));
+my $format = GetFormat("reports/report", $formatparam, scalar($cgi->param('ctype')));
 
 # If we get a template or CGI error, it comes out as HTML, which isn't valid
 # PNG data, and the browser just displays a "corrupt PNG" message. So, you can

diff --git a/userprefs.cgi b/userprefs.cgi
index 833f2bfa8389f3c32a45619759c2e86c78ee68b8..0a6ffe288b94c013ff2772c6ca369e4d7b45a91f 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -76,12 +76,11 @@ sub SaveAccount {
     if ($cgi->param('Bugzilla_password') ne "" || 
         $pwd1 ne "" || $pwd2 ne "") 
     {
-        my $old = SqlQuote($cgi->param('Bugzilla_password'));
         SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
         my $oldcryptedpwd = FetchOneColumn();
         $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
 
-        if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne 
+        if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne 
                   $oldcryptedpwd) 
         {
             ThrowUserError("old_password_incorrect");