summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2002-11-12 09:43:34 +0100
committerbugreport%peshkin.net <>2002-11-12 09:43:34 +0100
commitbd5461abd0f434a0f7dfe6e6db49be0c28cea33d (patch)
tree66ba463abe0f28b69bd58506228fecdb3d65853c
parent15767ab7c1238e83e1c6d62c6b95c373f4bfd034 (diff)
downloadbugzilla-bd5461abd0f434a0f7dfe6e6db49be0c28cea33d.tar.gz
bugzilla-bd5461abd0f434a0f7dfe6e6db49be0c28cea33d.tar.xz
Second installment of Bug 179260 Unknown table 'map_assigned_to' in order clause at globals.pl line 242
r=bbaetz a=justdave
-rwxr-xr-xbuglist.cgi16
1 files changed, 10 insertions, 6 deletions
diff --git a/buglist.cgi b/buglist.cgi
index a8f28fbd7..50873387e 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -528,12 +528,6 @@ if ($order) {
else {
ThrowCodeError("invalid_column_name_form");
}
- } elsif (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @selectnames)) {
- # Add order columns to selectnames
- # The fragment has already been validated
- $fragment =~ s/\s+(asc|desc)$//;
- trick_taint($fragment);
- push @selectnames, $fragment;
}
}
# Now that we have checked that all columns in the order are valid,
@@ -560,6 +554,16 @@ if ($order) {
# DEFAULT
$order = "bugs.bug_status, bugs.priority, map_assigned_to.login_name, bugs.bug_id";
}
+ foreach my $fragment (split(/,/, $order)) {
+ $fragment = trim($fragment);
+ if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @selectnames)) {
+ # Add order columns to selectnames
+ # The fragment has already been validated
+ $fragment =~ s/\s+(asc|desc)$//;
+ $fragment =~ tr/a-zA-Z\.0-9\-_//cd;
+ push @selectnames, $fragment;
+ }
+ }
$db_order = $order; # Copy $order into $db_order for use with SQL query