From a501990902c9a7535eec703c2597b2db44e0a19f Mon Sep 17 00:00:00 2001 From: "mozilla%colinogilvie.co.uk" <> Date: Mon, 9 Jan 2006 03:54:34 +0000 Subject: [PATCH] Bug 101380: Newlines, nulls, leading/trailing spaces are getting into summaries Patch by Paul and Colin Ogilvie ; r/a=justdave --- Bugzilla/Util.pm | 12 +++++++++++- checksetup.pl | 19 +++++++++++++++++++ post_bug.cgi | 5 ++++- process_bug.cgi | 1 + 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 3374d2c115..9d5f40ffb6 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -39,7 +39,7 @@ use base qw(Exporter); trim wrap_comment find_wrap_point format_time format_time_decimal file_mod_time - bz_crypt); + bz_crypt clean_text); use Bugzilla::Config; use Bugzilla::Error; @@ -359,6 +359,12 @@ sub ValidateDate { } } +sub clean_text { + my ($dtext) = shift; + $dtext =~ s/[\x00-\x1F\x7F]+/ /g; # change control characters to a space + return trim($dtext); +} + 1; __END__ @@ -611,6 +617,10 @@ Takes a string and returns a Ced value for it, using a random salt. Please always use this function instead of the built-in perl "crypt" when initially encrypting a password. +=item C +Returns the parameter "cleaned" by exchanging non-printable characters with a space. +Specifically characters (ASCII 0 through 31) and (ASCII 127) will become ASCII 32 (Space). + =begin undocumented Random salts are generated because the alternative is usually diff --git a/checksetup.pl b/checksetup.pl index 4d38c35533..2cf33249da 100755 --- a/checksetup.pl +++ b/checksetup.pl 
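Review bot: In Bugzilla/Util.pm, `clean_text` runs `s///` on `$dtext` without checking that it is defined, and post_bug.cgi in this same patch now calls it before its own `!defined` test on `short_desc`. A request that omits the field would then, if warnings are enabled, emit an uninitialized-value warning on its way to `require_summary`. I would add `return $dtext unless defined $dtext;` right after the `shift`. The inline comment could also say that a run of consecutive control characters collapses to one space, since the `+` quantifier does that and the POD added further down does not mention it.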
@@ -4168,6 +4168,25 @@ if (@$broken_nonopen_series) { print " done.\n"; } +# Fixup for Bug 101380 +# "Newlines, nulls, leading/trailing spaces are getting into summaries" + +my $controlchar_bugs = + $dbh->selectall_arrayref("SELECT short_desc, bug_id FROM bugs WHERE " . + "'short_desc' " . $dbh->sql_regexp . + " '[[:cntrl:]]'"); +if (@$controlchar_bugs) +{ + print 'Cleaning control characters from bug summaries...'; + foreach (@$controlchar_bugs) { + my ($short_desc, $bug_id) = @$_; + print " $bug_id..."; + $short_desc = clean_text($short_desc); + $dbh->do("UPDATE bugs SET short_desc = ? WHERE bug_id = ?", + undef, $short_desc, $bug_id); + } + print " done.\n"; +} # If you had to change the --TABLE-- definition in any way, then add your # differential change code *** A B O V E *** this comment. diff --git a/post_bug.cgi b/post_bug.cgi index bd0f73e16f..0277229d2f 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -110,8 +110,11 @@ my $component_id = get_component_id($product_id, scalar($cgi->param('component'))); $component_id || ThrowUserError("require_component"); +# Set the parameter to itself, but cleaned up +$cgi->param('short_desc', clean_text($cgi->param('short_desc'))); + if (!defined $cgi->param('short_desc') - || trim($cgi->param('short_desc')) eq "") { + || $cgi->param('short_desc') eq "") { ThrowUserError("require_summary"); } diff --git a/process_bug.cgi b/process_bug.cgi index 7d84bfee65..49c4216ee6 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -610,6 +610,7 @@ if (defined $cgi->param('id')) { CheckFormFieldDefined($cgi, 'bug_file_loc'); CheckFormFieldDefined($cgi, 'short_desc'); CheckFormFieldDefined($cgi, 'longdesclength'); + $cgi->param('short_desc', clean_text($cgi->param('short_desc'))); if (trim($cgi->param('short_desc')) eq "") { ThrowUserError("require_summary"); -- 2.47.2
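Review bot: The WHERE clause of the checksetup.pl fixup puts the column name in single quotes (`"'short_desc' " . $dbh->sql_regexp`), so the database matches the string literal 'short_desc' against `[[:cntrl:]]` instead of the column. That literal contains no control characters, so the query returns no rows and existing summaries are never cleaned. Drop the quotes: `"short_desc " . $dbh->sql_regexp . " '[[:cntrl:]]'"`. Once the query does match, a summary made up only of control characters becomes empty after `clean_text`, so it would help to print those bug ids separately for an administrator, given that new bugs with an empty summary are rejected with `require_summary`. The hunk does not show whether checksetup.pl imports `clean_text` from Bugzilla::Util; that should be confirmed.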
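Review bot: The line added in post_bug.cgi calls `$cgi->param('short_desc')` in list context, so a request carrying several `short_desc` values passes all of them to `clean_text`, which silently keeps only the first. The `get_component_id` call just above already forces `scalar($cgi->param('component'))`; the new line should do the same: `$cgi->param('short_desc', clean_text(scalar $cgi->param('short_desc')));`. The identical line added in process_bug.cgi needs the same change. In process_bug.cgi the following `trim($cgi->param('short_desc')) eq ""` test is now redundant, because `clean_text` already trims, and could become a plain `eq ""` comparison as this patch does in post_bug.cgi.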