diff options
| author | justdave%syndicomm.com <> | 2001-08-25 02:32:24 +0200 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2001-08-25 02:32:24 +0200 |
| commit | 549954949a402ba5bc84cfb83cda3d62a8e1a887 (patch) | |
| tree | 64ac2ddb9c40844739db9ae9583cdbf41af9aa9b /buglist.cgi | |
| parent | 0fb6fdfab23fa6e82bce48af1b4872b0b5203425 (diff) | |
| download | bugzilla-549954949a402ba5bc84cfb83cda3d62a8e1a887.tar.gz bugzilla-549954949a402ba5bc84cfb83cda3d62a8e1a887.tar.xz | |
Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first.
Patch by Gavin Shelley <gavins@iplbath.com>
r= justdave@syndicomm.com
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/buglist.cgi b/buglist.cgi index 0f6dbed41..2b2a394bf 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -85,7 +85,7 @@ sub SqlifyDate { } my $date = str2time($str); if (!defined $date) { - PuntTryAgain("The string '<tt>$str</tt>' is not a legal date."); + PuntTryAgain("The string '<tt>".html_quote($str)."</tt>' is not a legal date."); } return time2str("%Y/%m/%d %H:%M:%S", $date); } @@ -172,7 +172,8 @@ sub GenerateSQL { if ($c ne "") { if ($c !~ /^[0-9]*$/) { return Error("The 'At least ___ votes' field must be a\n" . - "simple number. You entered \"$c\", which\n" . + "simple number. You entered \"" . + html_quote($c) . "\", which\n" . "doesn't cut it."); } push(@specialchart, ["votes", "greaterthan", $c - 1]); @@ -250,7 +251,8 @@ sub GenerateSQL { push(@specialchart, \@clist); } else { return Error("You must specify one or more fields in which to\n" . - "search for <tt>$email</tt>.\n"); + "search for <tt>" . + html_quote($email) . "</tt>.\n"); } } @@ -260,7 +262,8 @@ sub GenerateSQL { if ($c ne "") { if ($c !~ /^[0-9]*$/) { return Error("The 'changed in last ___ days' field must be\n" . - "a simple number. You entered \"$c\", which\n" . + "a simple number. You entered \"" . + html_quote($c) . "\", which\n" . "doesn't cut it."); } push(@specialchart, ["changedin", @@ -428,7 +431,8 @@ sub GenerateSQL { if ($id) { push(@list, "$table.keywordid = $id"); } else { - return Error("Unknown keyword named <code>$v</code>.\n" . + return Error("Unknown keyword named <code>" . + html_quote($v) . "</code>.\n" . "<P>The legal keyword names are\n" . "<A HREF=describekeywords.cgi>" . "listed here</A>.\n"); |