authormyk%mozilla.org <>2002-03-11 16:33:03 +0100
committermyk%mozilla.org <>2002-03-11 16:33:03 +0100
commit0930c074fa7d8dabed00af2ba39a177a8d00167f (patch)
tree7da1e3717b8e0a3c60470c9aaa15a496c81acb3d
parent861379aee83b8b2da5e6247dc3462847b3e127b2 (diff)
downloadbugzilla-0930c074fa7d8dabed00af2ba39a177a8d00167f.tar.gz
bugzilla-0930c074fa7d8dabed00af2ba39a177a8d00167f.tar.xz
Fix for bug 72184: prevents users from entering too-large comments/descriptions that get rejected by MySQL's MAX_PACKET_SIZE restrictions.
Patch by Myk Melez <myk@mozilla.org>. r=bbaetz,gerv
-rw-r--r--CGI.pl13
-rwxr-xr-xattachment.cgi2
-rwxr-xr-xpost_bug.cgi2
-rwxr-xr-xprocess_bug.cgi2
4 files changed, 19 insertions, 0 deletions
diff --git a/CGI.pl b/CGI.pl
index f91cbd670..0882a967c 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -324,6 +324,19 @@ sub ValidateBugID {
}
+
+sub ValidateComment {
+ # Make sure a comment is not too large (greater than 64K).
+
+ my ($comment) = @_;
+
+ if (defined($comment) && length($comment) > 65535) {
+ DisplayError("Comments cannot be longer than 65,535 characters.");
+ exit;
+ }
+}
+
+
# check and see if a given string actually represents a positive
# integer, and abort if not.
#
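Review bot: The size test in `ValidateComment` uses `length($comment)`, which measures the comment alone, whereas the packet limit named in the commit message presumably applies to the bytes of the whole SQL statement after quoting, so a comment just under the cap could still be rejected by the database. Consider leaving headroom below the packet limit and keeping the number in one place so the condition and the message cannot drift, e.g. `my $max_len = 65535;` used in both the `if` and the `DisplayError` text. The check also runs only after the request has been parsed into `$::FORM`, so it does not bound memory use for oversized posts; a request-body limit at the web server would cover that. The header comment could also state the contract, e.g. `# Displays an error and exits if the comment exceeds the limit; an undefined comment is accepted.`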
diff --git a/attachment.cgi b/attachment.cgi
index 32b4ef461..66c3236a7 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -77,6 +77,7 @@ elsif ($action eq "insert")
{
confirm_login();
ValidateBugID($::FORM{'bugid'});
+ ValidateComment($::FORM{'comment'});
validateFilename();
validateData();
validateDescription();
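Review bot: Only `$::FORM{'comment'}` receives the new length cap in this insert branch and in the update branch of the next hunk, while the commit message also mentions descriptions. Whether `validateDescription()` enforces a maximum length is not visible here; if it does not, the description field can still hit the same database rejection. If the cap is meant to cover both fields, an equivalent length check in `validateDescription()` or a comment beside the call such as `# description length is enforced in validateDescription()` would make the coverage explicit. Both branches begin and end outside the hunks.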
@@ -95,6 +96,7 @@ elsif ($action eq "edit")
elsif ($action eq "update")
{
confirm_login();
+ ValidateComment($::FORM{'comment'});
validateID();
validateCanEdit($::FORM{'id'});
validateDescription();
diff --git a/post_bug.cgi b/post_bug.cgi
index 0ae44d32f..58048ef7e 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -49,6 +49,8 @@ sub sillyness {
confirm_login();
+ValidateComment($::FORM{'comment'});
+
my $cookiepath = Param("cookiepath");
print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
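Review bot: The new `ValidateComment` call sits directly above two `Set-Cookie` lines that interpolate `$::FORM{'product'}` and `$::FORM{'version'}` into response headers, and no validation of those fields is visible before they are printed. If form parsing does not already reject CR/LF and `;` in these values, a crafted value could alter the header block; this predates the commit but lies in the same stretch of the script. Checking product and version against the known values before emitting the cookies, or guarding each print with something like `$::FORM{'product'} !~ /[\r\n;]/`, would close that. The script body continues outside the hunk.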
diff --git a/process_bug.cgi b/process_bug.cgi
index f2abb0390..fb3c0e482 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -92,6 +92,8 @@ if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
DuplicateUserConfirm();
}
+ValidateComment($::FORM{'comment'});
+
######################################################################
# End Data/Security Validation
######################################################################