author | Frédéric Buclin <LpSolit@gmail.com> | 2012-09-29 13:29:52 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-09-29 13:29:52 +0200 |
commit | 324ea8a4039f901ab6fee0d9c8ee3aa5f492eb4f (patch) | |
tree | e8cf6b682f9d06238fefbc726a7cd9fed36a5624 | |
parent | dfa185b33b4f9ba434e087f16d949543527c3498 (diff) | |
Bug 793893: Tabular reports crash when no format parameter is defined
r=glob a=LpSolit
-rwxr-xr-x | report.cgi | 9 | ||||
-rw-r--r-- | template/en/default/filterexceptions.pl | 1 | ||||
-rw-r--r-- | template/en/default/reports/report.html.tmpl | 4 |
3 files changed, 6 insertions, 8 deletions
diff --git a/report.cgi b/report.cgi
index a5d170825..5c7ec870b 100755
--- a/report.cgi
+++ b/report.cgi
@@ -117,10 +117,12 @@ $width <= 2000 || ThrowUserError("chart_too_large");
 || ThrowCodeError("invalid_dimensions");
 $height <= 2000 || ThrowUserError("chart_too_large");
+my $formatparam = $cgi->param('format') || '';
+
 # These shenanigans are necessary to make sure that both vertical and
 # horizontal 1D tables convert to the correct dimension when you ask to
 # display them as some sort of chart.
-if (defined $cgi->param('format') && $cgi->param('format') eq "table") {
+if ($formatparam eq "table") {
 if ($col_field && !$row_field) {
 # 1D *tables* should be displayed vertically (with a row_field only)
 $row_field = $col_field;
@@ -243,7 +245,7 @@ $vars->{'row_names'} = \@row_names;
 $vars->{'tbl_names'} = \@tbl_names;
 # Below a certain width, we don't see any bars, so there needs to be a minimum.
-if ($cgi->param('format') eq "bar") {
+if ($formatparam eq "bar") {
 my $min_width = (scalar(@col_names) || 1) * 20;
 if (!$cgi->param('cumulate')) {
@@ -259,8 +261,6 @@ $vars->{'query'} = $query;
 $vars->{'saved_report_id'} = $cgi->param('saved_report_id');
 $vars->{'debug'} = $cgi->param('debug');
-my $formatparam = $cgi->param('format');
-
 if ($action eq "wrap") {
 # So which template are we using? If action is "wrap", we will be using
 # no format (it gets passed through to be the format of the actual data),
@@ -269,7 +269,6 @@ if ($action eq "wrap") {
 # data, or images generated by calling report.cgi again with action as
 # "plot".
 $formatparam =~ s/[^a-zA-Z\-]//g;
- trick_taint($formatparam);
 $vars->{'format'} = $formatparam;
 $formatparam = '';
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 7eb9cf6f0..00ae28f08 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -90,7 +90,6 @@
 'formaturl',
 'other_format.name',
 'switchbase',
- 'format',
 'cumulate',
 ],
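Review bot: The added `my $formatparam = $cgi->param('format') || '';` line has no comment, although it is the whole fix and the variable is now declared far above the `wrap` branch that filters its characters. From this line on `$formatparam` holds the raw request value; the two rewritten tests (`eq "table"` here and `eq "bar"` in the @@ -243 hunk) are fine because they only compare it. I would put `# Default to '' so a missing format never reaches eq or s/// as undef; still unvalidated request input at this point.` above the declaration. The statements around it continue outside the hunk.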
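Review bot: With `trick_taint($formatparam)` removed in the @@ -269 hunk, the `s/[^a-zA-Z\-]//g` substitution is the only treatment `format` receives before it is stored in `$vars->{'format'}`, and a substitution does not untaint a value. That looks intentional, since the value now goes only to the template and the template side of this commit adds `FILTER uri`, but nothing in the code records it. A one-line comment above the assignment would stop a later change from assuming the value was detainted: `# Character whitelist only; the value stays tainted and must be FILTERed by the template.` The `if ($action eq "wrap")` block starts and ends outside this hunk.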
diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl
index 8219ebd89..8dc4bc5a7 100644
--- a/template/en/default/reports/report.html.tmpl
+++ b/template/en/default/reports/report.html.tmpl
@@ -123,7 +123,7 @@
 <a href="query.cgi?[% switchbase %]&format=report-table">Edit this report</a>
 [% ELSE %]
 <a href="query.cgi?[% switchbase %]&chart_format=
- [%~ format %]&format=report-graph&cumulate=[% cumulate %]">
+ [%~ format FILTER uri %]&format=report-graph&cumulate=[% cumulate %]">
 Edit this report</a>
 [% END %]
 </td>
@@ -135,7 +135,7 @@
 [% ELSE %]
 <form method="get" action="report.cgi">
 <input type="submit" id="remember" value="Remember report"> as
- <input type="hidden" name="query" value="[% switchbase %]&format=[% format FILTER html %]&action=wrap">
+ <input type="hidden" name="query" value="[% switchbase %]&format=[% format FILTER uri %]&action=wrap">
 <input type="hidden" name="action" value="add">
 <input type="hidden" name="token" value="[% issue_hash_token(['save_report']) FILTER html %]">
 <input type="text" id="name" name="name" size="20" value="" maxlength="64">
|
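Review bot: `cumulate` is still written unfiltered on the changed `href` line (`&cumulate=[% cumulate %]`), and `switchbase` is unfiltered in both the `href` and the hidden `query` value in the @@ -135 hunk, while only `format` gains `FILTER uri`. Both names also remain in the `filterexceptions.pl` list that this commit trims, presumably so the filter check keeps skipping them. Whether report.cgi already normalises or escapes the two values is not visible on this page; if it does not, request-derived text ends up inside an HTML attribute and a URL. For the first hunk I would write `[%~ format FILTER uri %]&format=report-graph&cumulate=[% cumulate FILTER uri %]">` and drop `'cumulate'` from the exception list. `switchbase` is a pre-built query string, so its escaping has to be confirmed where it is built rather than added here.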