From: mozilla%colinogilvie.co.uk <>
Date: Mon, 9 Jan 2006 03:53:05 +0000 (+0000)
Subject: Bug 101380: Newlines, nulls, leading/trailing spaces are getting into summaries
X-Git-Tag: bugzilla-2.18.5~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e21a2b26516a5195058c30d370136ad9ffe3cbea;p=thirdparty%2Fbugzilla.git

Bug 101380: Newlines, nulls, leading/trailing spaces are getting into summaries
Patch by Paul <pdemarco@zoominternet.net> and Colin Ogilvie <colin.ogilvie@gmail.com>; r/a=justdave
---

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index bbc13b3ffa..bbbdc0f2fb 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -33,7 +33,7 @@ use base qw(Exporter);
                              html_quote url_quote value_quote xml_quote
                              css_class_quote
                              lsearch max min
-                             trim format_time);
+                             trim format_time clean_text);
 
 use Bugzilla::Config;
 
@@ -191,6 +191,12 @@ sub format_time {
     return $time;
 }
 
+sub clean_text {
+    my ($dtext) = shift;
+    $dtext =~  s/[\x00-\x1F\x7F]+/ /g;   # change control characters to a space
+    return trim($dtext);
+}
+
 1;
 
 __END__
@@ -342,6 +348,10 @@ Returns the minimum from a set of values.
 Removes any leading or trailing whitespace from a string. This routine does not
 modify the existing string.
 
+=item C<clean_text($str)>
+Returns the parameter "cleaned" by exchanging non-printable characters with spaces.
+Specifically characters (ASCII 0 through 31) and (ASCII 127) will become ASCII 32 (Space).
+
 =back
 
 =head2 Formatting Time
diff --git a/checksetup.pl b/checksetup.pl
index 4acad865a8..e632c0fac2 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -4255,6 +4255,24 @@ if (@$broken_nonopen_series) {
     print " done.\n";
 }
 
+# Fixup for Bug 101380
+# "Newlines, nulls, leading/trailing spaces are getting into summaries"
+
+my $controlchar_bugs =
+    $dbh->selectall_arrayref("SELECT short_desc, bug_id FROM bugs WHERE " .
+                             "short_desc REGEXP '[[:cntrl:]]'");
+if (@$controlchar_bugs)
+{
+    print 'Cleaning control characters from bug summaries...';
+    foreach (@$controlchar_bugs) {
+        my ($short_desc, $bug_id) = @$_;
+        print " $bug_id...";
+        $short_desc = clean_text($short_desc);
+        $dbh->do("UPDATE bugs SET short_desc = ? WHERE bug_id = ?",
+                 undef, $short_desc, $bug_id);
+    }
+    print " done.\n";
+}
 
 # If you had to change the --TABLE-- definition in any way, then add your
 # differential change code *** A B O V E *** this comment.
diff --git a/post_bug.cgi b/post_bug.cgi
index 696f70210a..3c86084160 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -109,7 +109,10 @@ umask 0;
 my $component_id = get_component_id($product_id, $::FORM{component});
 $component_id || ThrowUserError("require_component");
 
-if (!defined $::FORM{'short_desc'} || trim($::FORM{'short_desc'}) eq "") {
+# Set the parameter to itself, but cleaned up
+$::FORM{'short_desc'} = clean_text($::FORM{'short_desc'});
+
+if (!defined $::FORM{'short_desc'} || $::FORM{'short_desc'} eq "") {
     ThrowUserError("require_summary");
 }
 
diff --git a/process_bug.cgi b/process_bug.cgi
index bb455ec2f6..591773b2fb 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -559,6 +559,7 @@ if (defined $::FORM{'id'}) {
     CheckFormFieldDefined(\%::FORM, 'bug_file_loc');
     CheckFormFieldDefined(\%::FORM, 'short_desc');
     CheckFormFieldDefined(\%::FORM, 'longdesclength');
+    $::FORM{'short_desc'} = clean_text($::FORM{'short_desc'});
 
     if (trim($::FORM{'short_desc'}) eq "") {
         ThrowUserError("require_summary");