diff options
author | bbaetz%student.usyd.edu.au <> | 2002-06-08 12:06:10 +0200 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-06-08 12:06:10 +0200 |
commit | 78cbd8ba5f133da98a7a10910d43a901f7a21c39 (patch) | |
tree | a5ad05fb639ac3f78640ebda7b2fb4eabaaf05e1 | |
parent | 58a015c7371684ee84483c4e3da5e597f6c86e75 (diff) | |
download | bugzilla-78cbd8ba5f133da98a7a10910d43a901f7a21c39.tar.gz bugzilla-78cbd8ba5f133da98a7a10910d43a901f7a21c39.tar.xz |
Bug 149845 - buglist.cgi checks for ORDER validity are wrong
r=myk x2
-rwxr-xr-x | buglist.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/buglist.cgi b/buglist.cgi index b7fb72a69..925f0296f 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -1302,11 +1302,13 @@ if ($order) { # by which to sort the results. ORDER: for ($order) { /\./ && do { + my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); # A custom list of columns. Make sure each column is valid. - foreach my $fragment (split(/[,\s]+/, $order)) { - next if $fragment =~ /^asc|desc$/i; - my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); - if (!grep($_ eq $fragment, @columnnames)) { + foreach my $fragment (split(/,/, $order)) { + $fragment = trim($fragment); + # Accept an order fragment matching a column name, with + # asc|desc optionally following (to specify the direction) + if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) { my $qfragment = html_quote($fragment); my $error = "The custom sort order you specified in your " . "form submission contains an invalid column " |