summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-12-08 17:55:41 +0100
committerlpsolit%gmail.com <>2005-12-08 17:55:41 +0100
commitfa5ed8f8630277c2560df1bf9fefdab30dec022e (patch)
tree8ec1013aa7ed52d3c8c1d0d880c4b316bd877e8b
parent73997d5064384dd64c82a714947644f4ffcc4366 (diff)
downloadbugzilla-fa5ed8f8630277c2560df1bf9fefdab30dec022e.tar.gz
bugzilla-fa5ed8f8630277c2560df1bf9fefdab30dec022e.tar.xz
Bug 238780: editversions.cgi should reject newline characters (and convert them to whitespaces) - Patch by Paul <pdemarco@ppg.com> r=LpSolit a=justdave
-rw-r--r--Bugzilla/Util.pm12
-rwxr-xr-xeditversions.cgi7
2 files changed, 18 insertions, 1 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 21885bbdc..31a1052e4 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -42,7 +42,7 @@ use base qw(Exporter);
format_time format_time_decimal validate_date
file_mod_time is_7bit_clean
bz_crypt generate_random_password
- validate_email_syntax);
+ validate_email_syntax clean_text);
use Bugzilla::Config;
use Bugzilla::Constants;
@@ -390,6 +390,12 @@ sub is_7bit_clean {
return $_[0] !~ /[^\x20-\x7E\x0A\x0D]/;
}
+sub clean_text {
+ my ($dtext) = shift;
+ $dtext =~ s/[\x00-\x1F\x7F]/ /g; # change control characters to spaces
+ return $dtext;
+}
+
1;
__END__
@@ -639,6 +645,10 @@ into the string.
Returns true is the string contains only 7-bit characters (ASCII 32 through 126,
ASCII 10 (LineFeed) and ASCII 13 (Carrage Return).
+=item C<clean_text($str)>
+Returns the parameter "cleaned" by exchanging non-printable characters with spaces.
+Specifically characters (ASCII 0 through 31) and (ASCII 127) will become ASCII 32 (Space).
+
=back
=head2 Formatting Time
diff --git a/editversions.cgi b/editversions.cgi
index 396a6e605..eae1001ca 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -128,6 +128,9 @@ if ($action eq 'new') {
# Cleanups and valididy checks
$version_name || ThrowUserError('version_blank_name');
+ # Remove unprintable characters
+ $version_name = clean_text($version_name);
+
my $version = new Bugzilla::Version($product->id, $version_name);
if ($version) {
ThrowUserError('version_already_exists',
@@ -240,6 +243,10 @@ if ($action eq 'edit') {
if ($action eq 'update') {
$version_name || ThrowUserError('version_not_specified');
+
+ # Remove unprintable characters
+ $version_name = clean_text($version_name);
+
my $version_old_name = trim($cgi->param('versionold') || '');
my $version_old =
Bugzilla::Version::check_version($product,