authorterry%mozilla.org <>2000-03-08 03:22:41 +0100
committerterry%mozilla.org <>2000-03-08 03:22:41 +0100
commitd38fe0e5cab4a7efaba8a79a22a85b0e67817441 (patch)
treed090c36e14e128eb6c65e3b4d5d576ba78647650 /buglist.cgi
parent77f66018f328fe5321fa95d76515a187231ad1f0 (diff)
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-xbuglist.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 43d46c7ea..75549e730 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -170,6 +170,7 @@ sub GenerateSQL {
}
if (defined $F{'sql'}) {
+ die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
push(@wherepart, "( $F{'sql'} )");
}
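Review bot: The semicolon check on `$F{'sql'}` in the first hunk does not make the value safe, because the very next line still interpolates it verbatim into the WHERE clause and a single SQL statement needs no `;` to express an arbitrary condition or subquery, so the check only blocks statement chaining. The value appears to come from form input (the sibling hunk reads `$::FORM{'order'}` the same way), so the effective fix is to stop accepting free-form SQL here; if the parameter must stay, mark the line with `# NOTE: only blocks statement chaining; $F{'sql'} is still untrusted SQL interpolated verbatim below` so nobody mistakes it for sanitisation. The `die` message also echoes the raw input, and if that text reaches the browser it reflects untrusted content, so `die "Invalid sql parameter";` is the safer wording. In the second hunk, `/^([a-zA-Z0-9_., ]+)$/` should anchor with `\A` and `\z`, since `$` still accepts a trailing newline. GenerateSQL continues outside the hunk.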
@@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
$::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
# Another backwards compatability hack.
+ die "Invalid order: $::FORM{'order'}" unless
+ $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
ORDER: for ($::FORM{'order'}) {
/\./ && do {
# This (hopefully) already has fieldnames in it, so we're done.