diff options
author | jouni%heikniemi.net <> | 2004-05-23 16:07:50 +0200 |
---|---|---|
committer | jouni%heikniemi.net <> | 2004-05-23 16:07:50 +0200 |
commit | 9b2916c36ef0a403e4a773e2316b1931f2179fa7 (patch) | |
tree | 958b68de5693fe6be55cf89d74e833da33affce2 | |
parent | 53091c87248679d4889320a88728d53f7f584152 (diff) | |
download | bugzilla-9b2916c36ef0a403e4a773e2316b1931f2179fa7.tar.gz bugzilla-9b2916c36ef0a403e4a773e2316b1931f2179fa7.tar.xz |
Bug 208847: Fix taint issues in editgroups.cgi
Patch by byron jones <bugzilla@glob.com.au>,
r=jouni, a=justdave
-rwxr-xr-x | editgroups.cgi | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/editgroups.cgi b/editgroups.cgi index d3515b019..f51dbbab4 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public @@ -173,6 +173,7 @@ if ($action eq 'changeform') { PutHeader("Change Group"); my $gid = trim($::FORM{group} || ''); + detaint_natural($gid); unless ($gid) { ShowError("No group specified.<BR>" . "Click the <b>Back</b> button and try again."); @@ -181,7 +182,7 @@ if ($action eq 'changeform') { } SendSQL("SELECT id, name, description, userregexp, isactive, isbuggroup - FROM groups WHERE id=" . SqlQuote($gid)); + FROM groups WHERE id=$gid"); my ($group_id, $name, $description, $rexp, $isactive, $isbuggroup) = FetchSQLData(); @@ -329,7 +330,7 @@ if ($action eq 'new') { # convert an undefined value in the inactive field to zero # (this occurs when the inactive checkbox is not checked # and the browser does not send the field to the server) - my $isactive = $::FORM{isactive} || 0; + my $isactive = $::FORM{isactive} ? 1 : 0; unless ($name) { ShowError("You must enter a name for the new group.<BR>" . @@ -350,14 +351,6 @@ if ($action eq 'new') { exit; } - if ($isactive != 0 && $isactive != 1) { - ShowError("The active flag was improperly set. There may be " . - "a problem with Bugzilla or a bug in your browser.<br>" . - "Please click the <b>Back</b> button and try again."); - PutFooter(); - exit; - } - if (!eval {qr/$regexp/}) { ShowError("The regular expression you entered is invalid. " . "Please click the <b>Back</b> button and try again."); @@ -406,13 +399,14 @@ if ($action eq 'new') { if ($action eq 'del') { PutHeader("Delete group"); my $gid = trim($::FORM{group} || ''); + detaint_natural($gid); unless ($gid) { ShowError("No group specified.<BR>" . "Click the <b>Back</b> button and try again."); PutFooter(); exit; } - SendSQL("SELECT id FROM groups WHERE id=" . SqlQuote($gid)); + SendSQL("SELECT id FROM groups WHERE id=$gid"); if (!FetchOneColumn()) { ShowError("That group doesn't exist.<BR>" . "Click the <b>Back</b> button and try again."); @@ -421,7 +415,7 @@ if ($action eq 'del') { } SendSQL("SELECT name,description " . "FROM groups " . - "WHERE id = " . SqlQuote($gid)); + "WHERE id=$gid"); my ($name, $desc) = FetchSQLData(); print "<table border=1>\n"; @@ -503,6 +497,7 @@ You cannot delete this group while it is tied to a product.</B><BR> if ($action eq 'delete') { PutHeader("Deleting group"); my $gid = trim($::FORM{group} || ''); + detaint_natural($gid); unless ($gid) { ShowError("No group specified.<BR>" . "Click the <b>Back</b> button and try again."); @@ -511,7 +506,7 @@ if ($action eq 'delete') { } SendSQL("SELECT name " . "FROM groups " . - "WHERE id = " . SqlQuote($gid)); + "WHERE id = $gid"); my ($name) = FetchSQLData(); my $cantdelete = 0; @@ -610,6 +605,7 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) { # or all of them period my $dbh = Bugzilla->dbh; my $gid = $::FORM{group}; + detaint_natural($gid); my $sth = $dbh->prepare("SELECT name, userregexp FROM groups WHERE id = ?"); $sth->execute($gid); @@ -713,6 +709,7 @@ sub confirmRemove { # Helper sub to handle the making of changes to a group sub doGroupChanges { my $gid = trim($::FORM{group} || ''); + detaint_natural($gid); unless ($gid) { ShowError("No group specified.<BR>" . "Click the <b>Back</b> button and try again."); |