summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2012-09-29 13:29:52 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2012-09-29 13:29:52 +0200
commit324ea8a4039f901ab6fee0d9c8ee3aa5f492eb4f (patch)
treee8cf6b682f9d06238fefbc726a7cd9fed36a5624
parentdfa185b33b4f9ba434e087f16d949543527c3498 (diff)
downloadbugzilla-324ea8a4039f901ab6fee0d9c8ee3aa5f492eb4f.tar.gz
bugzilla-324ea8a4039f901ab6fee0d9c8ee3aa5f492eb4f.tar.xz
Bug 793893: Tabular reports crash when no format parameter is defined
r=glob a=LpSolit
-rwxr-xr-xreport.cgi9
-rw-r--r--template/en/default/filterexceptions.pl1
-rw-r--r--template/en/default/reports/report.html.tmpl4
3 files changed, 6 insertions, 8 deletions
diff --git a/report.cgi b/report.cgi
index a5d170825..5c7ec870b 100755
--- a/report.cgi
+++ b/report.cgi
@@ -117,10 +117,12 @@ $width <= 2000 || ThrowUserError("chart_too_large");
|| ThrowCodeError("invalid_dimensions");
$height <= 2000 || ThrowUserError("chart_too_large");
+my $formatparam = $cgi->param('format') || '';
+
# These shenanigans are necessary to make sure that both vertical and
# horizontal 1D tables convert to the correct dimension when you ask to
# display them as some sort of chart.
-if (defined $cgi->param('format') && $cgi->param('format') eq "table") {
+if ($formatparam eq "table") {
if ($col_field && !$row_field) {
# 1D *tables* should be displayed vertically (with a row_field only)
$row_field = $col_field;
@@ -243,7 +245,7 @@ $vars->{'row_names'} = \@row_names;
$vars->{'tbl_names'} = \@tbl_names;
# Below a certain width, we don't see any bars, so there needs to be a minimum.
-if ($cgi->param('format') eq "bar") {
+if ($formatparam eq "bar") {
my $min_width = (scalar(@col_names) || 1) * 20;
if (!$cgi->param('cumulate')) {
@@ -259,8 +261,6 @@ $vars->{'query'} = $query;
$vars->{'saved_report_id'} = $cgi->param('saved_report_id');
$vars->{'debug'} = $cgi->param('debug');
-my $formatparam = $cgi->param('format');
-
if ($action eq "wrap") {
# So which template are we using? If action is "wrap", we will be using
# no format (it gets passed through to be the format of the actual data),
@@ -269,7 +269,6 @@ if ($action eq "wrap") {
# data, or images generated by calling report.cgi again with action as
# "plot".
$formatparam =~ s/[^a-zA-Z\-]//g;
- trick_taint($formatparam);
$vars->{'format'} = $formatparam;
$formatparam = '';
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 7eb9cf6f0..00ae28f08 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -90,7 +90,6 @@
'formaturl',
'other_format.name',
'switchbase',
- 'format',
'cumulate',
],
diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl
index 8219ebd89..8dc4bc5a7 100644
--- a/template/en/default/reports/report.html.tmpl
+++ b/template/en/default/reports/report.html.tmpl
@@ -123,7 +123,7 @@
<a href="query.cgi?[% switchbase %]&amp;format=report-table">Edit this report</a>
[% ELSE %]
<a href="query.cgi?[% switchbase %]&amp;chart_format=
- [%~ format %]&amp;format=report-graph&amp;cumulate=[% cumulate %]">
+ [%~ format FILTER uri %]&amp;format=report-graph&amp;cumulate=[% cumulate %]">
Edit this report</a>
[% END %]
</td>
@@ -135,7 +135,7 @@
[% ELSE %]
<form method="get" action="report.cgi">
<input type="submit" id="remember" value="Remember report"> as
- <input type="hidden" name="query" value="[% switchbase %]&amp;format=[% format FILTER html %]&amp;action=wrap">
+ <input type="hidden" name="query" value="[% switchbase %]&amp;format=[% format FILTER uri %]&amp;action=wrap">
<input type="hidden" name="action" value="add">
<input type="hidden" name="token" value="[% issue_hash_token(['save_report']) FILTER html %]">
<input type="text" id="name" name="name" size="20" value="" maxlength="64">