Bug 157092 â\80\93 Implement a checking mechanism for invalid regexp

Patch by David Lawrence <dkl@redhat.com> - r/a=mkanat

diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 1617b7fc272d631e45726960b205cfe06d06ce99..2eba30482834e60f39c23179fb114f9b0ec5d056 100644 (file)
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -383,6 +383,15 @@ sub bz_last_key {
                                  $table, $column);
 }
 
+sub bz_check_regexp {
+    my ($self, $pattern) = @_;
+
+    eval { $self->do("SELECT " . $self->sql_regexp($self->quote("a"), $pattern, 1)) };
+
+    $@ && ThrowUserError('illegal_regexp', 
+        { value => $pattern, dberror => $self->errstr }); 
+}
+
 #####################################################################
 # Database Setup
 #####################################################################

diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm
index 8bca06f4c874480273f738683105921630edfd44..80f1cd793396c7ba93b36d7dc2a64ecd3de4590f 100644 (file)
--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -104,13 +104,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr REGEXP $pattern";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr NOT REGEXP $pattern";
 }

diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm
index 9f759785e2fb03fe20af59bb46b5d06844788d31..1387a45cb40f013ab893a2b02e9cc6397c40ad2a 100644 (file)
--- a/Bugzilla/DB/Oracle.pm
+++ b/Bugzilla/DB/Oracle.pm
@@ -95,13 +95,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "REGEXP_LIKE($expr, $pattern)";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "NOT REGEXP_LIKE($expr, $pattern)" 
 }

diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm
index 4777ba89a17fc126c42365abba9495294ea5c557..a6a2e3281cc19f03defd7668f1e232ddd45775de 100644 (file)
--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -93,13 +93,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr ~* $pattern";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr !~* $pattern" 
 }

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 6c3ed7dbc0a8a54f104cd14f972a092575bd29f4..2d5c3b35587409e55de1d805e9825d65a7f0feb7 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -783,6 +783,11 @@
     [% IF format %]
       Please use the format '<tt>[% format FILTER html %]</tt>'.
     [% END %]
+
+  [% ELSIF error == "illegal_regexp" %]
+    [% title = "Illegal Regular Expression" %]
+    The regular expression you provided [% value FILTER html %] is not valid.
+    The error was: [% dberror FILTER html %].
         
   [% ELSIF error == "insufficient_data_points" %]
     [% docslinks = {'reporting.html' => 'Reporting'} %]