]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 77f6601)
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
authorterry%mozilla.org <>
Wed, 8 Mar 2000 02:22:41 +0000 (02:22 +0000)
committerterry%mozilla.org <>
Wed, 8 Mar 2000 02:22:41 +0000 (02:22 +0000)
CGI.pl patch | blob | blame | history
buglist.cgi patch | blob | blame | history
createattachment.cgi patch | blob | blame | history
reports.cgi patch | blob | blame | history
showattachment.cgi patch | blob | blame | history
showdependencygraph.cgi patch | blob | blame | history

diff --git a/CGI.pl b/CGI.pl
index 8f80826d2d267cac5110d38cb0c2d5c9c4ffc1ca..c8dc98e2ca0cfbd6138d7e11f02f155833c11c3d 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -842,6 +842,9 @@ sub CheckIfVotedConfirmed {
 sub DumpBugActivity {
     my ($id, $starttime) = (@_);
     my $datepart = "";
+
+    die "Invalid id: $id" unless $id=~/^\s*\d+\s*$/;
+
     if (defined $starttime) {
         $datepart = "and bugs_activity.bug_when >= $starttime";
     }
diff --git a/buglist.cgi b/buglist.cgi
index 43d46c7ea4c768c0987a98f114d47a7cd371c1b9..75549e730df745c16898bede5286a26db42efc92 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -170,6 +170,7 @@ sub GenerateSQL {
     }
 
     if (defined $F{'sql'}) {
+        die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
         push(@wherepart, "( $F{'sql'} )");
     }
 
@@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
     $::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
                                 # Another backwards compatability hack.
     
+    die "Invalid order: $::FORM{'order'}" unless
+        $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
     ORDER: for ($::FORM{'order'}) {
         /\./ && do {
             # This (hopefully) already has fieldnames in it, so we're done.
diff --git a/createattachment.cgi b/createattachment.cgi
index 1eaf9b1eacc4e86740f06bc983d09729d780a6a0..fa370d71034251504bac20181d23c7fcefe55ad8 100755 (executable)
--- a/createattachment.cgi
+++ b/createattachment.cgi
@@ -41,6 +41,7 @@ confirm_login();
 print "Content-type: text/html\n\n";
 
 my $id = $::FORM{'id'};
+die "invalid id: $id" unless $id=~/^\s*\d+\s*$/;
 
 PutHeader("Create an attachment", "Create attachment", "Bug $id");
 
diff --git a/reports.cgi b/reports.cgi
index 6c8ededcfe551110c3f08f2fc675fc3ecdc72834..805de8da967a31d20fe994d1593392e22ebd2b6a 100755 (executable)
--- a/reports.cgi
+++ b/reports.cgi
@@ -206,7 +206,7 @@ and    bugs.reporter = report.userid
 FIN
 
        if( $::FORM{'product'} ne "-All-" ) {
-               $query .= "and    bugs.product='$::FORM{'product'}'";
+               $query .= "and    bugs.product=".SqlQuote($::FORM{'product'});
        }
 
        $query .= <<FIN;
@@ -572,7 +572,7 @@ sub most_doomed_for_milestone
        my $query;
        $query = "select distinct assigned_to from bugs where target_milestone=\"$ms\"";
        if( $::FORM{'product'} ne "-All-" ) {
-               $query .= "and    bugs.product='$::FORM{'product'}'";
+               $query .= "and    bugs.product=".SqlQuote($::FORM{'product'});
        }
        $query .= <<FIN;
 and     
@@ -600,7 +600,7 @@ FIN
                 {
                 my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\"";
                if( $::FORM{'product'} ne "-All-" ) {
-                    $query .= "and    bugs.product='$::FORM{'product'}'";
+                    $query .= "and    bugs.product=".SqlQuote($::FORM{'product'})";
                     }
                $query .= <<FIN;
 and     
@@ -696,7 +696,7 @@ sub most_recently_doomed
        my $query;
         $query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')";
        if( $::FORM{'product'} ne "-All-" ) {
-               $query .= "and    bugs.product='$::FORM{'product'}'";
+               $query .= "and    bugs.product=".SqlQuote($::FORM{'product'});
        }
 
 # End build up $query string
diff --git a/showattachment.cgi b/showattachment.cgi
index d5dcfb8df4830889860ac33e873d6f44d3ad148c..4a1864b3b6fc1a11b15d1dc7a88dfec06d04b713 100755 (executable)
--- a/showattachment.cgi
+++ b/showattachment.cgi
@@ -29,7 +29,7 @@ ConnectToDatabase();
 
 my @row;
 if (defined $::FORM{'attach_id'}) {
-    SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}");
+    SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'});
     @row = FetchSQLData();
 }
 if (!@row) {
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index b15fe8d442cf1a76466d4aa6b9db6dd7c570ce5c..f15534be3d3fe2643d60aa310ba511397f940aa5 100755 (executable)
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -26,6 +26,7 @@ use strict;
 require "CGI.pl";
 
 my $id = $::FORM{'id'};
+die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
 my $urlbase = Param("urlbase");
 
 my %seen;
Mirror of https://github.com/bugzilla/bugzilla.git