Bug 101380: Newlines, nulls, leading/trailing spaces are getting into summaries

Patch by Paul <pdemarco@zoominternet.net> and Colin Ogilvie <colin.ogilvie@gmail.com>; r/a=justdave

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index bbc13b3ffab19e7217593573d103fd093ca4a4f7..bbbdc0f2fb1ae43e4fc3512e00d4595b573749cf 100644 (file)
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -33,7 +33,7 @@ use base qw(Exporter);
                              html_quote url_quote value_quote xml_quote
                              css_class_quote
                              lsearch max min
-                             trim format_time);
+                             trim format_time clean_text);
 
 use Bugzilla::Config;
 
@@ -191,6 +191,12 @@ sub format_time {
     return $time;
 }
 
+sub clean_text {
+    my ($dtext) = shift;
+    $dtext =~  s/[\x00-\x1F\x7F]+/ /g;   # change control characters to a space
+    return trim($dtext);
+}
+
 1;
 
 __END__
@@ -342,6 +348,10 @@ Returns the minimum from a set of values.
 Removes any leading or trailing whitespace from a string. This routine does not
 modify the existing string.
 
+=item C<clean_text($str)>
+Returns the parameter "cleaned" by exchanging non-printable characters with spaces.
+Specifically characters (ASCII 0 through 31) and (ASCII 127) will become ASCII 32 (Space).
+
 =back
 
 =head2 Formatting Time

diff --git a/checksetup.pl b/checksetup.pl
index 4acad865a835cc5f11c7065b1eaa913a7ed01f20..e632c0fac2cd4fff3b39853f50705305d658fab5 100755 (executable)
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -4255,6 +4255,24 @@ if (@$broken_nonopen_series) {
     print " done.\n";
 }
 
+# Fixup for Bug 101380
+# "Newlines, nulls, leading/trailing spaces are getting into summaries"
+
+my $controlchar_bugs =
+    $dbh->selectall_arrayref("SELECT short_desc, bug_id FROM bugs WHERE " .
+                             "short_desc REGEXP '[[:cntrl:]]'");
+if (@$controlchar_bugs)
+{
+    print 'Cleaning control characters from bug summaries...';
+    foreach (@$controlchar_bugs) {
+        my ($short_desc, $bug_id) = @$_;
+        print " $bug_id...";
+        $short_desc = clean_text($short_desc);
+        $dbh->do("UPDATE bugs SET short_desc = ? WHERE bug_id = ?",
+                 undef, $short_desc, $bug_id);
+    }
+    print " done.\n";
+}
 
 # If you had to change the --TABLE-- definition in any way, then add your
 # differential change code *** A B O V E *** this comment.

diff --git a/post_bug.cgi b/post_bug.cgi
index 696f70210a1515508f357b8b1c033f51c7a05057..3c86084160011370f7fb4cd809307ae47a2361b8 100755 (executable)
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -109,7 +109,10 @@ umask 0;
 my $component_id = get_component_id($product_id, $::FORM{component});
 $component_id || ThrowUserError("require_component");
 
-if (!defined $::FORM{'short_desc'} || trim($::FORM{'short_desc'}) eq "") {
+# Set the parameter to itself, but cleaned up
+$::FORM{'short_desc'} = clean_text($::FORM{'short_desc'});
+
+if (!defined $::FORM{'short_desc'} || $::FORM{'short_desc'} eq "") {
     ThrowUserError("require_summary");
 }
 

diff --git a/process_bug.cgi b/process_bug.cgi
index bb455ec2f6db0a309eb4d4a97d165988c4527dcb..591773b2fb7b7cb71930d3bd56049939f1371ffd 100755 (executable)
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -559,6 +559,7 @@ if (defined $::FORM{'id'}) {
     CheckFormFieldDefined(\%::FORM, 'bug_file_loc');
     CheckFormFieldDefined(\%::FORM, 'short_desc');
     CheckFormFieldDefined(\%::FORM, 'longdesclength');
+    $::FORM{'short_desc'} = clean_text($::FORM{'short_desc'});
 
     if (trim($::FORM{'short_desc'}) eq "") {
         ThrowUserError("require_summary");