diff options
author | terry%mozilla.org <> | 2000-03-08 03:22:41 +0100 |
---|---|---|
committer | terry%mozilla.org <> | 2000-03-08 03:22:41 +0100 |
commit | d38fe0e5cab4a7efaba8a79a22a85b0e67817441 (patch) | |
tree | d090c36e14e128eb6c65e3b4d5d576ba78647650 /buglist.cgi | |
parent | 77f66018f328fe5321fa95d76515a187231ad1f0 (diff) | |
download | bugzilla-d38fe0e5cab4a7efaba8a79a22a85b0e67817441.tar.gz bugzilla-d38fe0e5cab4a7efaba8a79a22a85b0e67817441.tar.xz |
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/buglist.cgi b/buglist.cgi index 43d46c7ea..75549e730 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -170,6 +170,7 @@ sub GenerateSQL { } if (defined $F{'sql'}) { + die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/; push(@wherepart, "( $F{'sql'} )"); } @@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") { $::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g; # Another backwards compatability hack. + die "Invalid order: $::FORM{'order'}" unless + $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/; ORDER: for ($::FORM{'order'}) { /\./ && do { # This (hopefully) already has fieldnames in it, so we're done. |