authorByron Jones <bjones@mozilla.com>2013-03-21 06:09:12 +0100
committerByron Jones <bjones@mozilla.com>2013-03-21 06:09:12 +0100
commit39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1 (patch)
tree16341dbdac3ae9a8c2fdeceeaf28a0a247b028ab
parent4025fe8be55ed10613cf528bf698084415f8cb85 (diff)
Bug 853314: unable to edit bugzilla push options - insecure dependency
-rwxr-xr-xcontrib/sanitizeme.pl8
-rw-r--r--extensions/Push/lib/Admin.pm3
-rw-r--r--extensions/Push/lib/BacklogMessage.pm4
-rw-r--r--extensions/Push/lib/Backoff.pm4
-rw-r--r--extensions/Push/lib/LogEntry.pm4
-rw-r--r--extensions/Push/lib/Message.pm4
6 files changed, 26 insertions, 1 deletions
diff --git a/contrib/sanitizeme.pl b/contrib/sanitizeme.pl
index 362700be0..a2376f46d 100755
--- a/contrib/sanitizeme.pl
+++ b/contrib/sanitizeme.pl
@@ -161,11 +161,19 @@ sub delete_sensitive_user_data {
$dbh->do("DELETE FROM tokens");
$dbh->do("DELETE FROM logincookies");
$dbh->do("DELETE FROM login_failure");
+ $dbh->do("DELETE FROM audit_log");
+ # queued bugmail
$dbh->do("DELETE FROM ts_error");
$dbh->do("DELETE FROM ts_exitstatus");
$dbh->do("DELETE FROM ts_funcmap");
$dbh->do("DELETE FROM ts_job");
$dbh->do("DELETE FROM ts_note");
+ # push extension messages
+ $dbh->do("DELETE FROM push");
+ $dbh->do("DELETE FROM push_backlog");
+ $dbh->do("DELETE FROM push_backoff");
+ $dbh->do("DELETE FROM push_log");
+ $dbh->do("DELETE FROM push_options");
}
sub delete_attachment_data {
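Review bot: The five added `DELETE FROM push*` statements run unconditionally, but those tables presumably exist only where the Push extension has been installed. If the database handle raises on error, as Bugzilla's normally does, a missing table would abort the script part-way and leave the remaining sanitisation steps undone. Guarding the group, for example `if ($dbh->bz_table_info('push')) { ... }`, would keep the script usable on installations without the extension. Because this is a hand-maintained list, a comment such as `# tables added by extensions must be listed here or they ship in the sanitised dump` would also help. delete_sensitive_user_data begins above the hunk, so any earlier handling is not visible here.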
diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index d7df25c09..f579409bd 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -13,7 +13,7 @@ use warnings;
use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Extension::Push::Util;
-use Bugzilla::Util qw(trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural trick_taint);
use base qw(Exporter);
our @EXPORT = qw(
@@ -67,6 +67,7 @@ sub _update_config_from_form {
# update
foreach my $option ($config->options) {
my $option_name = $option->{name};
+ trick_taint($values->{$option_name});
$config->{$option_name} = $values->{$option_name};
}
$config->update();
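Review bot: `trick_taint($values->{$option_name})` clears the taint flag on every form-supplied option without checking the value, so taint mode no longer guards what `$config->update()` writes. No validation is visible in this hunk, and `_update_config_from_form` starts above it. If the values are validated earlier, record that at the call, e.g. `# values were validated above; untaint so they can be stored`. If they are not, each option should be checked against its declared type before untainting, with `detaint_natural` (already imported) for integer options.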
diff --git a/extensions/Push/lib/BacklogMessage.pm b/extensions/Push/lib/BacklogMessage.pm
index f9496fa24..8f5263038 100644
--- a/extensions/Push/lib/BacklogMessage.pm
+++ b/extensions/Push/lib/BacklogMessage.pm
@@ -12,6 +12,10 @@ use warnings;
use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Extension::Push::Util;
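Review bot: The three `AUDIT_* => 0` constants switch off audit logging for this class with no explanation, and the same block is added to Backoff.pm, LogEntry.pm and Message.pm. A one-line comment above each block, such as `# queue/log rows written by the push daemon; deliberately not recorded in audit_log`, would show that the opt-out is intentional and limited to these classes, assuming that is the reason. It is also worth confirming that the class storing the push options keeps auditing enabled, since connector configuration changes are the ones an administrator would want a trail for. That class is not part of this diff.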
diff --git a/extensions/Push/lib/Backoff.pm b/extensions/Push/lib/Backoff.pm
index bc302a2a9..c0ea15a59 100644
--- a/extensions/Push/lib/Backoff.pm
+++ b/extensions/Push/lib/Backoff.pm
@@ -12,6 +12,10 @@ use warnings;
use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
use Bugzilla;
use Bugzilla::Util;
diff --git a/extensions/Push/lib/LogEntry.pm b/extensions/Push/lib/LogEntry.pm
index b883ee095..303c19da4 100644
--- a/extensions/Push/lib/LogEntry.pm
+++ b/extensions/Push/lib/LogEntry.pm
@@ -12,6 +12,10 @@ use warnings;
use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Extension::Push::Constants;
diff --git a/extensions/Push/lib/Message.pm b/extensions/Push/lib/Message.pm
index 3d112a2e1..ebe32d0ea 100644
--- a/extensions/Push/lib/Message.pm
+++ b/extensions/Push/lib/Message.pm
@@ -12,6 +12,10 @@ use warnings;
use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
use Bugzilla;
use Bugzilla::Error;
use Bugzilla::Extension::Push::Util;