Bug 545610: Correctly parse CGI parameters, especially when using mod_perl

r=gerv a=LpSolit

diff --git a/report.cgi b/report.cgi
index dccc470a7bce5d83e016c852d8235cb9e2185f84..1ec3ac8649d44c493dd2ec7af10b08c02e8afa27 100755 (executable)
--- a/report.cgi
+++ b/report.cgi
@@ -36,7 +36,6 @@ use List::MoreUtils qw(uniq);
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
 my $vars = {};
-my $buffer = $cgi->query_string();
 
 # Go straight back to query.cgi if we are adding a boolean chart.
 if (grep(/^cmd-/, $cgi->param())) {
@@ -49,9 +48,6 @@ if (grep(/^cmd-/, $cgi->param())) {
 }
 
 Bugzilla->login();
-
-my $dbh = Bugzilla->switch_to_shadow_db();
-
 my $action = $cgi->param('action') || 'menu';
 
 if ($action eq "menu") {
@@ -62,6 +58,9 @@ if ($action eq "menu") {
     exit;
 }
 
+# Sanitize the URL, to make URLs shorter.
+$cgi->clean_search_url;
+
 my $col_field = $cgi->param('x_axis_field') || '';
 my $row_field = $cgi->param('y_axis_field') || '';
 my $tbl_field = $cgi->param('z_axis_field') || '';
@@ -135,6 +134,7 @@ my $query = $search->sql;
 $::SIG{TERM} = 'DEFAULT';
 $::SIG{PIPE} = 'DEFAULT';
 
+my $dbh = Bugzilla->switch_to_shadow_db();
 my $results = $dbh->selectall_arrayref($query);
 
 # We have a hash of hashes for the data itself, and a hash to hold the 
@@ -243,10 +243,10 @@ if ($action eq "wrap") {
     # We need to keep track of the defined restrictions on each of the 
     # axes, because buglistbase, below, throws them away. Without this, we
     # get buglistlinks wrong if there is a restriction on an axis field.
-    $vars->{'col_vals'} = join("&", $buffer =~ /[&?]($col_field=[^&]+)/g);
-    $vars->{'row_vals'} = join("&", $buffer =~ /[&?]($row_field=[^&]+)/g);
-    $vars->{'tbl_vals'} = join("&", $buffer =~ /[&?]($tbl_field=[^&]+)/g);
-    
+    $vars->{'col_vals'} = get_field_restrictions($col_field);
+    $vars->{'row_vals'} = get_field_restrictions($row_field);
+    $vars->{'tbl_vals'} = get_field_restrictions($tbl_field);
+
     # We need a number of different variants of the base URL for different
     # URLs in the HTML.
     $vars->{'buglistbase'} = $cgi->canonicalise_query(
@@ -346,3 +346,10 @@ sub check_value {
     }
     return $value;
 }
+
+sub get_field_restrictions {
+    my $field = shift;
+    my $cgi = Bugzilla->cgi;
+
+    return join('&', map {"$field=$_"} $cgi->param($field));
+}

diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl
index d32335ce80000a607bd66252766914eb085c5674..15de4bc90a389e05cd32ca698a2f1848c7ee0419 100644 (file)
--- a/template/en/default/reports/report-table.html.tmpl
+++ b/template/en/default/reports/report-table.html.tmpl
@@ -36,13 +36,14 @@
 
 [% col_field_disp = field_descs.$col_field || col_field %]
 [% row_field_disp = field_descs.$row_field || row_field %]
-  
+
+[% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %][% END %]
 [% IF tbl == "-total-" %]
-  [% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %]
-  [% "&$tbl_vals" IF tbl_vals %][% END %]
-[% ELSE %]
-  [% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %]&
-  [% tbl_field FILTER uri %]=[% tbl FILTER uri %][% END %]
+  [% IF tbl_vals %]
+    [% urlbase = urlbase _ "&" _ tbl_vals %]
+  [% END %]
+[% ELSIF tbl_field %]
+  [% urlbase = BLOCK %][% urlbase %]&[% tbl_field FILTER uri %]=[% tbl FILTER uri %][% END %]
 [% END %]
 
 <script type="text/javascript">