From: justdave%syndicomm.com <>
Date: Sat, 25 Aug 2001 00:32:24 +0000 (+0000)
Subject: Fix for bug 95235: variables with untrusted content were being echoed back to the...
X-Git-Tag: bugzilla-2.14~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=549954949a402ba5bc84cfb83cda3d62a8e1a887;p=thirdparty%2Fbugzilla.git

Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first. Patch by Gavin Shelley r= justdave@syndicomm.com
---

diff --git a/buglist.cgi b/buglist.cgi
index 0f6dbed411..2b2a394bf7 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -85,7 +85,7 @@ sub SqlifyDate {
 }
 my $date = str2time($str);
 if (!defined $date) {
- PuntTryAgain("The string '$str' is not a legal date.");
+ PuntTryAgain("The string '".html_quote($str)."' is not a legal date.");
 }
 return time2str("%Y/%m/%d %H:%M:%S", $date);
 }
@@ -172,7 +172,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'At least ___ votes' field must be a\n" .
- "simple number. You entered \"$c\", which\n" .
+ "simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["votes", "greaterthan", $c - 1]);
@@ -250,7 +251,8 @@ sub GenerateSQL {
 push(@specialchart, \@clist);
 } else {
 return Error("You must specify one or more fields in which to\n" .
- "search for $email.\n");
+ "search for " .
+ html_quote($email) . ".\n");
 }
 }
 
@@ -260,7 +262,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'changed in last ___ days' field must be\n" .
- "a simple number. You entered \"$c\", which\n" .
+ "a simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["changedin", 
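Review bot: The new PuntTryAgain() line in the SqlifyDate hunk writes the concatenation as `'".html_quote($str)."'` with no whitespace around the `.` operators, while every other hunk in this patch spaces them (`" . html_quote($c) . "`). For consistency with the rest of the change I would write `PuntTryAgain("The string '" . html_quote($str) . "' is not a legal date.");`. The body of SqlifyDate starts before this hunk, so I cannot see whether $str reaches this point unmodified, but the escaping is applied at the point of output, which is what matters here.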
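Review bot: The escaped error block added in the @@ -172 hunk of GenerateSQL is repeated almost verbatim in the @@ -260 hunk (same `/^[0-9]*$/` check, same three-line Error() construction, differing only in the field label and a line break in the wording), and this patch had to be applied to both copies; a small helper that validates a numeric form value and returns the escaped Error() would keep the two sites from drifting apart the next time one of them changes. GenerateSQL's body begins before and continues after both hunks, so I can only see these two occurrences, but a grep for other `Error(` / `PuntTryAgain(` messages that still interpolate a form value directly would be worthwhile since escaping is done per call site here. The sketch below keeps the visible wording and the same return value.
```perl
# Returns Error() for a numeric form field that failed validation; the
# user-supplied value is HTML-escaped because Error() messages are rendered as HTML.
sub _bad_number_error {
    my ($label, $value) = @_;
    return Error("The '$label' field must be a\n" .
                 "simple number. You entered \"" .
                 html_quote($value) . "\", which\n" .
                 "doesn't cut it.");
}
# … unchanged: surrounding GenerateSQL code …
    if ($c ne "") {
        return _bad_number_error("At least ___ votes", $c) if $c !~ /^[0-9]*$/;
        push(@specialchart, ["votes", "greaterthan", $c - 1]);
```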
@@ -428,7 +431,8 @@ sub GenerateSQL {
 if ($id) {
 push(@list, "$table.keywordid = $id");
 } else {
- return Error("Unknown keyword named $v.\n" .
+ return Error("Unknown keyword named " .
+ html_quote($v) . ".\n" .
 "

The legal keyword names are\n" . "" . "listed here.\n");
diff --git a/process_bug.cgi b/process_bug.cgi
index 82e9cb9889..53ec8d9dad 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
 }
 my $i = GetKeywordIdFromName($keyword);
 if (!$i) {
- PuntTryAgain("Unknown keyword named $keyword. " .
+ PuntTryAgain("Unknown keyword named " .
+ html_quote($keyword) . ". " .
 "
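Review bot: The context lines that follow the new `html_quote($v)` call in the @@ -428 hunk appear to carry HTML markup (the tags look stripped in this rendering, leaving `""` and `"listed here.\n"`), which is the reason the escaping has to happen per value at each call site rather than once inside Error(): the message itself is HTML. Nothing in the hunk records that convention, so the next message added here is likely to interpolate a form value again; a one-line comment above the `return Error(` would make it explicit, e.g. `# Error() messages are rendered as HTML; every user-supplied value goes through html_quote()`. The same comment belongs above the PuntTryAgain() call in the process_bug.cgi hunk (@@ -749), where the identical keyword message is built. GenerateSQL's body begins before this hunk and continues after it.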

The legal keyword names are " . "" . "listed here.");