From: justdave%syndicomm.com <>
Date: Sat, 17 Nov 2001 16:34:46 +0000 (+0000)
Subject: Fix for bug 109690: long_list.cgi was not validating that the bug ID parameter was...
X-Git-Tag: bugzilla-2.14.1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d2e934b8cbc5ebe66b472652fbc9472427b6c74;p=thirdparty%2Fbugzilla.git
Fix for bug 109690: long_list.cgi was not validating that the bug ID parameter was actually a number. Patch by Brad Baetz r= justdave, gerv
---
diff --git a/long_list.cgi b/long_list.cgi
index f6182d4393..b74e1378b2 100755
--- a/long_list.cgi
+++ b/long_list.cgi
@@ -32,7 +32,6 @@ require "CGI.pl";
 sub sillyness {
 my $zz;
 $zz = $::legal_keywords;
- $zz = $::userid;
 $zz = $::usergroupset;
 $zz = %::FORM;
 }
@@ -69,13 +68,13 @@ select
 bugs.status_whiteboard,
 bugs.keywords
 from bugs,profiles assign,profiles report
-where assign.userid = bugs.assigned_to and report.userid = bugs.reporter and";
+where assign.userid = bugs.assigned_to and report.userid = bugs.reporter and
+bugs.groupset & $::usergroupset = bugs.groupset and";
 $::FORM{'buglist'} = "" unless exists $::FORM{'buglist'};
 foreach my $bug (split(/:/, $::FORM{'buglist'})) {
 detaint_natural($bug) || next;
- SendSQL(SelectVisible("$generic_query bugs.bug_id = $bug",
- $::userid, $::usergroupset));
+ SendSQL("$generic_query bugs.bug_id = $bug");
 my @row;
 if (@row = FetchSQLData()) {
@@ -106,12 +105,12 @@ foreach my $bug (split(/:/, $::FORM{'buglist'})) {
 }
 print "QA Contact: $name\n";
 }
- print "Component: $component\n";
+ print "Component: $component\n";
 if (Param("usetargetmilestone")) {
- print "Target Milestone: $target_milestone\n";
+ print "Target milestone:$target_milestone\n";
 }
 print "URL: ";
- print "" . html_quote($url) . "\n";
+ print "" . html_quote($url) . "\n";
 print "Summary: " . html_quote($shortdesc) . "\n";
 if (@::legal_keywords) {
 print "Keywords: $keywords\n";
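Review bot: The visibility filter added to the `where` clause interpolates `$::usergroupset` into the SQL text at the moment `$generic_query` is assembled, so the access check is only as sound as that global at that point. The hunk does not show where it is populated; if it is still empty when the string is built, the predicate becomes `bugs.groupset &  = bugs.groupset` and every lookup errors out instead of being filtered. I would parenthesise the mask so the intent does not rest on SQL operator precedence, `(bugs.groupset & $::usergroupset) = bugs.groupset and";`, and put a comment above the assignment such as `# only return bugs whose groups are all held by the viewer; $::usergroupset must be set by the login check before this string is built`. The assignment to `$generic_query` begins above the hunk.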
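Review bot: The rewritten `print` lines for Component and Target milestone still interpolate `$component` and `$target_milestone` into the page unescaped, while the neighbouring URL and Summary lines pass their values through `html_quote`. These values come back from the database row, so the output encoding should match: use `html_quote($component)` and `html_quote($target_milestone)` in place of the bare interpolation, and the same appears to apply to the `$name` and `$keywords` context lines. The markup inside these strings seems to have been lost from this page, so the exact cell layout cannot be quoted here. The enclosing `foreach` loop starts above the hunk and continues past it.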