summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2014-01-03 00:02:27 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2014-01-03 00:02:27 +0100
commitfd32a1a35d928726c4f9c06d1c573825672a29d6 (patch)
tree32f86900f63849301f95011de53053b535e58d3d
parentfc5aae4091324a630fee712984b1a643e45e3197 (diff)
downloadbugzilla-fd32a1a35d928726c4f9c06d1c573825672a29d6.tar.gz
bugzilla-fd32a1a35d928726c4f9c06d1c573825672a29d6.tar.xz
Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field
r=dkl a=sgreen
-rw-r--r--Bugzilla/CGI.pm25
-rw-r--r--Bugzilla/Error.pm4
-rw-r--r--Bugzilla/Search.pm7
-rwxr-xr-xbuglist.cgi21
4 files changed, 34 insertions, 23 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index c7997ba18..d7e81d793 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -269,9 +269,23 @@ sub multipart_start {
$headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
}
$headers .= $CGI::CRLF;
+ $self->{_multipart_in_progress} = 1;
return $headers;
}
+sub close_standby_message {
+ my ($self, $contenttype, $disp, $disp_prefix, $extension) = @_;
+ $self->set_dated_content_disp($disp, $disp_prefix, $extension);
+
+ if ($self->{_multipart_in_progress}) {
+ print $self->multipart_end();
+ print $self->multipart_start(-type => $contenttype);
+ }
+ else {
+ print $self->header($contenttype);
+ }
+}
+
# Override header so we can add the cookies in
sub header {
my $self = shift;
@@ -665,6 +679,15 @@ instead of calling this directly.
Redirects from the current URL to one prefixed by the urlbase parameter.
+=item C<multipart_start>
+
+Starts a new part of the multipart document using the specified MIME type.
+If not specified, text/html is assumed.
+
+=item C<close_standby_message>
+
+Ends a part of the multipart document, and starts another part.
+
=item C<set_dated_content_disp>
Sets an appropriate date-dependent value for the Content Disposition header
@@ -688,8 +711,6 @@ L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>
=item should_set
-=item multipart_start
-
=item redirect_search_url
=item param
diff --git a/Bugzilla/Error.pm b/Bugzilla/Error.pm
index ee84183b1..03bf04f83 100644
--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -94,8 +94,10 @@ sub _throw_error {
message => \$message });
if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
- print Bugzilla->cgi->header();
+ my $cgi = Bugzilla->cgi;
+ $cgi->close_standby_message('text/html', 'inline', 'error', 'html');
print $message;
+ print $cgi->multipart_final() if $cgi->{_multipart_in_progress};
}
elsif (Bugzilla->error_mode == ERROR_MODE_TEST) {
die Dumper($vars);
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index e546be6d9..2d1f3af11 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1997,11 +1997,18 @@ sub _quote_unless_numeric {
my $numeric_field = $self->_chart_fields->{$field}->is_numeric;
my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0;
my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
+
+ # These operators are really numeric operators with numeric fields.
+ $numeric_operator = grep { $_ eq $operator } keys SIMPLE_OPERATORS;
+
if ($is_numeric) {
my $quoted = $value;
trick_taint($quoted);
return $quoted;
}
+ elsif ($numeric_field && !$numeric_value && $numeric_operator) {
+ ThrowUserError('number_not_numeric', { field => $field, num => $value });
+ }
return Bugzilla->dbh->quote($value);
}
diff --git a/buglist.cgi b/buglist.cgi
index 4969b1858..281504c66 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -279,22 +279,6 @@ sub GetGroups {
return [values %legal_groups];
}
-sub _close_standby_message {
- my ($contenttype, $disp, $disp_prefix, $extension, $serverpush) = @_;
- my $cgi = Bugzilla->cgi;
- $cgi->set_dated_content_disp($disp, $disp_prefix, $extension);
-
- # Close the "please wait" page, then open the buglist page
- if ($serverpush) {
- print $cgi->multipart_end();
- print $cgi->multipart_start(-type => $contenttype);
- }
- else {
- print $cgi->header($contenttype);
- }
-}
-
-
################################################################################
# Command Execution
################################################################################
@@ -949,8 +933,6 @@ elsif (my @component_input = $cgi->param('component')) {
# The following variables are used when the user is making changes to multiple bugs.
if ($dotweak && scalar @bugs) {
if (!$vars->{'caneditbugs'}) {
- _close_standby_message('text/html',
- 'inline', "error", "html", $serverpush);
ThrowUserError('auth_failure', {group => 'editbugs',
action => 'modify',
object => 'multiple_bugs'});
@@ -1057,8 +1039,7 @@ if ($format->{'extension'} eq "csv") {
$vars->{'human'} = $cgi->param('human');
}
-_close_standby_message($contenttype, $disposition, $disp_prefix,
- $format->{'extension'}, $serverpush);
+$cgi->close_standby_message($contenttype, $disposition, $disp_prefix, $format->{'extension'});
################################################################################
# Content Generation