From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 2 Jan 2014 23:04:03 +0000 (+0100)
Subject: Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric... 
X-Git-Tag: bugzilla-4.4.2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91eb582faf4ef030f91750dc7909de5e104d7f0d;p=thirdparty%2Fbugzilla.git

Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field
r=dkl a=sgreen
---

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index b67f9f7519..dc298a0532 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -265,9 +265,24 @@ sub multipart_start {
         $headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
     }
     $headers .= $CGI::CRLF;
+    $self->{_multipart_in_progress} = 1;
     return $headers;
 }
 
+sub close_standby_message {
+    my ($self, $contenttype, $disposition) = @_;
+
+    if ($self->{_multipart_in_progress}) {
+        print $self->multipart_end();
+        print $self->multipart_start(-type                => $contenttype,
+                                     -content_disposition => $disposition);
+    }
+    else {
+        print $self->header(-type                => $contenttype,
+                            -content_disposition => $disposition);
+    }
+}
+
 # Override header so we can add the cookies in
 sub header {
     my $self = shift;
@@ -632,6 +647,15 @@ instead of calling this directly.
 
 Redirects from the current URL to one prefixed by the urlbase parameter.
 
+=item C<multipart_start>
+
+Starts a new part of the multipart document using the specified MIME type.
+If not specified, text/html is assumed.
+
+=item C<close_standby_message>
+
+Ends a part of the multipart document, and starts another part.
+
 =back
 
 =head1 SEE ALSO
diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm
index e1df5ddbb1..cebc2a4ac0 100644
--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -92,8 +92,10 @@ sub _throw_error {
                                              message => \$message });
 
     if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
-        print Bugzilla->cgi->header();
+        my $cgi = Bugzilla->cgi;
+        $cgi->close_standby_message('text/html', 'inline');
         print $message;
+        print $cgi->multipart_final() if $cgi->{_multipart_in_progress};
     }
     elsif (Bugzilla->error_mode == ERROR_MODE_TEST) {
         die Dumper($vars);
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index b2c703e5b4..f900b34740 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1951,11 +1951,18 @@ sub _quote_unless_numeric {
     my $numeric_field = $self->_chart_fields->{$field}->is_numeric;
     my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0;
     my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
+
+    # These operators are really numeric operators with numeric fields.
+    $numeric_operator = grep { $_ eq $operator } keys %{ SIMPLE_OPERATORS() };
+
     if ($is_numeric) {
         my $quoted = $value;
         trick_taint($quoted);
         return $quoted;
     }
+    elsif ($numeric_field && !$numeric_value && $numeric_operator) {
+        ThrowUserError('number_not_numeric', { field => $field, num => $value });
+    }
     return Bugzilla->dbh->quote($value);
 }
 
diff --git a/buglist.cgi b/buglist.cgi
index 4e3d2bd7af..81350dc811 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -284,23 +284,6 @@ sub GetGroups {
     return [values %legal_groups];
 }
 
-sub _close_standby_message {
-    my ($contenttype, $disposition, $serverpush) = @_;
-    my $cgi = Bugzilla->cgi;
-
-    # Close the "please wait" page, then open the buglist page
-    if ($serverpush) {
-        print $cgi->multipart_end();
-        print $cgi->multipart_start(-type                => $contenttype,
-                                    -content_disposition => $disposition);
-    }
-    else {
-        print $cgi->header(-type                => $contenttype,
-                           -content_disposition => $disposition);
-    }
-}
-
-
 ################################################################################
 # Command Execution
 ################################################################################
@@ -945,7 +928,6 @@ if ($one_product && $user->can_enter_product($one_product)) {
 # The following variables are used when the user is making changes to multiple bugs.
 if ($dotweak && scalar @bugs) {
     if (!$vars->{'caneditbugs'}) {
-        _close_standby_message('text/html', 'inline', $serverpush);
         ThrowUserError('auth_failure', {group  => 'editbugs',
                                         action => 'modify',
                                         object => 'multiple_bugs'});
@@ -1055,7 +1037,7 @@ if ($format->{'extension'} eq "csv") {
 # Suggest a name for the bug list if the user wants to save it as a file.
 $disposition .= "; filename=\"$filename\"";
 
-_close_standby_message($contenttype, $disposition, $serverpush);
+$cgi->close_standby_message($contenttype, $disposition);
 
 ################################################################################
 # Content Generation