summaryrefslogtreecommitdiffstats
path: root/editmilestones.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-05-04 04:41:22 +0200
committerlpsolit%gmail.com <>2005-05-04 04:41:22 +0200
commit91225228cd8b8f132a496c2d078c14ffb8ecbab3 (patch)
tree1db6dbb76ed32bbcce300b087054c733b9378a0b /editmilestones.cgi
parente51425da1f1fe8ee831bfb8d4c091d9e08ae4dce (diff)
downloadbugzilla-91225228cd8b8f132a496c2d078c14ffb8ecbab3.tar.gz
bugzilla-91225228cd8b8f132a496c2d078c14ffb8ecbab3.tar.xz
Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones - Patch by Peter D. Stout <pds@edgedynamics.com> r=LpSolit a=justdave
Diffstat (limited to 'editmilestones.cgi')
-rwxr-xr-xeditmilestones.cgi35
1 files changed, 19 insertions, 16 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5c9e21468..32e6790c2 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -116,6 +116,21 @@ sub CheckMilestone ($$)
}
}
+sub CheckSortkey ($$)
+{
+ my ($milestone, $sortkey) = @_;
+ # Keep a copy in case detaint_signed() clears the sortkey
+ my $stored_sortkey = $sortkey;
+
+ if (!detaint_signed($sortkey) || $sortkey < -32768 || $sortkey > 32767) {
+ ThrowUserError('milestone_sortkey_invalid',
+ {'name' => $milestone,
+ 'sortkey' => $stored_sortkey});
+ }
+
+ return $sortkey;
+}
+
#
# Preliminary checks:
#
@@ -261,13 +276,8 @@ if ($action eq 'new') {
{'name' => $milestone});
}
- # Need to store in case detaint_natural() clears the sortkey
- my $stored_sortkey = $sortkey;
- if (!detaint_natural($sortkey)) {
- ThrowUserError('milestone_sortkey_invalid',
- {'name' => $milestone,
- 'sortkey' => $stored_sortkey});
- }
+ $sortkey = CheckSortkey($milestone, $sortkey);
+
if (TestMilestone($product, $milestone)) {
ThrowUserError('milestone_already_exists',
{'name' => $milestone,
@@ -453,15 +463,8 @@ if ($action eq 'update') {
'milestones WRITE',
'products WRITE');
- # Need to store because detaint_natural() will delete this if
- # invalid
- my $stored_sortkey = $sortkey;
- if ($sortkey != $sortkeyold) {
- if (!detaint_natural($sortkey)) {
- ThrowUserError('milestone_sortkey_invalid',
- {'name' => $milestone,
- 'sortkey' => $stored_sortkey});
- }
+ if ($sortkey ne $sortkeyold) {
+ $sortkey = CheckSortkey($milestone, $sortkey);
trick_taint($milestoneold);