From c34003dcdd1cc0705c5464164f7d4dfd52d6d3d6 Mon Sep 17 00:00:00 2001 From: "dkl%redhat.com" <> Date: Thu, 19 Jun 2008 23:06:27 +0000 Subject: [PATCH] =?utf8?q?Bug=20157092=20=C3=A2=C2=80=C2=93=20Implement=20?= =?utf8?q?a=20checking=20mechanism=20for=20invalid=20regexp=20Patch=20by?= =?utf8?q?=20David=20Lawrence=20=20-=20r/a=3Dmkanat?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- Bugzilla/DB.pm | 9 +++++++++ Bugzilla/DB/Mysql.pm | 8 ++++++-- Bugzilla/DB/Oracle.pm | 8 ++++++-- Bugzilla/DB/Pg.pm | 8 ++++++-- template/en/default/global/user-error.html.tmpl | 5 +++++ 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 1617b7fc27..2eba304828 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -383,6 +383,15 @@ sub bz_last_key { $table, $column); } +sub bz_check_regexp { + my ($self, $pattern) = @_; + + eval { $self->do("SELECT " . $self->sql_regexp($self->quote("a"), $pattern, 1)) }; + + $@ && ThrowUserError('illegal_regexp', + { value => $pattern, dberror => $self->errstr }); +} + ##################################################################### # Database Setup ##################################################################### diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm index 8bca06f4c8..80f1cd7933 100644 --- a/Bugzilla/DB/Mysql.pm +++ b/Bugzilla/DB/Mysql.pm @@ -104,13 +104,17 @@ sub bz_last_key { } sub sql_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "$expr REGEXP $pattern"; } sub sql_not_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "$expr NOT REGEXP $pattern"; } diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm index 9f759785e2..1387a45cb4 100644 --- a/Bugzilla/DB/Oracle.pm +++ b/Bugzilla/DB/Oracle.pm @@ -95,13 +95,17 @@ sub bz_last_key { } sub sql_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "REGEXP_LIKE($expr, $pattern)"; } sub sql_not_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "NOT REGEXP_LIKE($expr, $pattern)" } diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm index 4777ba89a1..a6a2e3281c 100644 --- a/Bugzilla/DB/Pg.pm +++ b/Bugzilla/DB/Pg.pm @@ -93,13 +93,17 @@ sub bz_last_key { } sub sql_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "$expr ~* $pattern"; } sub sql_not_regexp { - my ($self, $expr, $pattern) = @_; + my ($self, $expr, $pattern, $nocheck) = @_; + + $self->bz_check_regexp($pattern) if !$nocheck; return "$expr !~* $pattern" } diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 6c3ed7dbc0..2d5c3b3558 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -783,6 +783,11 @@ [% IF format %] Please use the format '[% format FILTER html %]'. [% END %] + + [% ELSIF error == "illegal_regexp" %] + [% title = "Illegal Regular Expression" %] + The regular expression you provided [% value FILTER html %] is not valid. + The error was: [% dberror FILTER html %]. [% ELSIF error == "insufficient_data_points" %] [% docslinks = {'reporting.html' => 'Reporting'} %] -- 2.47.3