diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2012-05-22 19:23:42 +0200 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-05-22 19:23:42 +0200 |
| commit | 9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27 (patch) | |
| tree | e9d1541acc6f582e690bb5748e35b3a087280e0c /Bugzilla | |
| parent | d01cbdbf9fec43da85227cff54126d83b0e9e4ca (diff) | |
| parent | fc9858fed697d00fb921dd86448dad0ef70552a6 (diff) | |
| download | bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.gz bugzilla-9b4d2c5bf0bba6db0cebd9a09367782d4d9e6b27.tar.xz | |
merged with bugzilla/4.2
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Constants.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/FlagType.pm | 14 | ||||
| -rw-r--r-- | Bugzilla/Search.pm | 4 | ||||
| -rw-r--r-- | Bugzilla/Template.pm | 2 |
4 files changed, 16 insertions, 6 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 78336818f..d0770cf73 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.1"; +use constant BUGZILLA_VERSION => "4.2.1+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 9541d9340..5fc00e137 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -686,7 +686,10 @@ sub sqlify_criteria { } if ($criteria->{product_id}) { my $product_id = $criteria->{product_id}; - + detaint_natural($product_id) + || ThrowCodeError('bad_arg', { argument => 'product_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + # Add inclusions to the query, which simply involves joining the table # by flag type ID and target product/component. push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id"); @@ -703,6 +706,10 @@ sub sqlify_criteria { my $addl_join_clause = ""; if ($criteria->{component_id}) { my $component_id = $criteria->{component_id}; + detaint_natural($component_id) + || ThrowCodeError('bad_arg', { argument => 'component_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)"); $join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) "; } @@ -716,7 +723,10 @@ sub sqlify_criteria { } if ($criteria->{group}) { my $gid = $criteria->{group}; - detaint_natural($gid); + detaint_natural($gid) + || ThrowCodeError('bad_arg', { argument => 'group', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(flagtypes.grant_group_id = $gid " . " OR flagtypes.request_group_id = $gid)"); } diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 6f1061e2c..e70933db0 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -1747,9 +1747,9 @@ sub do_search_function { sub _do_operator_function { my ($self, $func_args) = @_; my $operator = $func_args->{operator}; - my $operator_func = OPERATORS->{$$operator} + my $operator_func = OPERATORS->{$operator} || ThrowCodeError("search_field_operator_unsupported", - { operator => $$operator }); + { operator => $operator }); $self->$operator_func($func_args); } diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index f069b19d2..870053b46 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -69,7 +69,7 @@ use constant FORMAT_2_SIZE => [19,55]; # Pseudo-constant. sub SAFE_URL_REGEXP { my $safe_protocols = join('|', SAFE_PROTOCOLS); - return qr/($safe_protocols):[^\s<>\"]+[\w\/]/i; + return qr/($safe_protocols):[^:\s<>\"][^\s<>\"]+[\w\/]/i; } # Convert the constants in the Bugzilla::Constants module into a hash we can |