From: terry%netscape.com <> Date: Tue, 1 Sep 1998 03:38:47 +0000 (+0000) Subject: Patch by Sam Ziegler -- do some sanity X-Git-Tag: bugzilla-1.3~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ac9d7ea42444bceb886b61e8d7996dce2ad392b;p=thirdparty%2Fbugzilla.git Patch by Sam Ziegler -- do some sanity checking on the list of column names we're given. --- diff --git a/buglist.cgi b/buglist.cgi index bc07173b09..6a0edf86f9 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -23,6 +23,7 @@ puts "Content-type: multipart/x-mixed-replace;boundary=ThisRandomString" puts "" puts "--ThisRandomString" + # The below "if catch" stuff, if uncommented, will trap any error, and # mail the error messages to terry. What a hideous, horrible # debugging hack. @@ -155,8 +156,10 @@ select foreach c $collist { - append query ", + if {[info exists needquote($c)] } { + append query ", \t$key($c)" + } } @@ -238,6 +241,7 @@ Click the Back button and try again." } + if {[info exists FORM(order)]} { qadd "order by " switch -glob $FORM(order) { @@ -267,7 +271,6 @@ if {[info exists FORM(debug)]} { puts "
$query
" } flush stdout - SendSQL $query set count 0 @@ -297,15 +300,17 @@ set tablestart " foreach c $collist { - if {$needquote($c)} { - append tablestart "
" - } else { - append tablestart "" - } - if {[info exists sortkey($c)]} { - append tablestart "$title($c)" - } else { - append tablestart $title($c) + if { [info exists needquote($c)] } { + if {$needquote($c)} { + append tablestart "" + } else { + append tablestart "" + } + if {[info exists sortkey($c)]} { + append tablestart "$title($c)" + } else { + append tablestart $title($c) + } } } @@ -366,7 +371,7 @@ while { $p_true } { } - if {$needquote($c)} { + if { [info exists needquote($c)] && $needquote($c)} { set value [html_quote $value] } else { set value "$value" @@ -383,7 +388,6 @@ while { $p_true } { } } } - puts "" puts "--ThisRandomString" @@ -398,7 +402,6 @@ if { [info exists buglist] } { } } puts "" - set env(TZ) PST8PDT PutHeader "Bug List" "Bug List"