authorjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
committerjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
commit4e6767d4c3d1b0b583f4ec076992345545294748 (patch)
tree44d10a299f4d910400fb420b38e21e769c00be7e /process_bug.cgi
parent72f340e3a12668c9356102c71f864afa986e001a (diff)
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi32
1 files changed, 22 insertions, 10 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index ac2e239ef..13942ca5f 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -29,6 +29,8 @@ use strict;
my $UserInEditGroupSet = -1;
my $UserInCanConfirmGroupSet = -1;
+use lib qw(.);
+
require "CGI.pl";
use RelationSet;
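Review bot: The added `use lib qw(.)` puts the current directory back into @INC, which is one of the things `-T` deliberately removes (perlsec: taint mode drops "." from @INC and ignores PERL5LIB), so the relative `require "CGI.pl"` two lines later resolves against whatever working directory the CGI happens to run in. The line is presumably needed because the Bugzilla libraries sit beside the script, but nothing says so and a reader could take it for a leftover debugging aid. Suggest a comment above it: `# -T strips "." from @INC; re-add it so the relative require "CGI.pl" below still resolves.` If the deployment layout allows, anchoring @INC to the script's own directory rather than the process cwd would be the more robust choice.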
@@ -42,6 +44,7 @@ use vars %::versions,
%::legal_opsys,
%::legal_platform,
%::legal_priority,
+ %::settable_resolution,
%::target_milestone,
%::legal_severity,
%::superusergroupset;
@@ -58,13 +61,18 @@ my $requiremilestone = 0;
# This list will either consist of a single bug number from the "id"
# form/URL field or a series of numbers from multiple form/URL fields
# named "id_x" where "x" is the bug number.
+# For each bug being modified, make sure its ID is a valid bug number
+# representing an existing bug that the user is authorized to access.
my @idlist;
if (defined $::FORM{'id'}) {
+ ValidateBugID($::FORM{'id'});
push @idlist, $::FORM{'id'};
} else {
foreach my $i (keys %::FORM) {
if ($i =~ /^id_([1-9][0-9]*)/) {
- push @idlist, $1;
+ my $id = $1;
+ ValidateBugID($id);
+ push @idlist, $id;
}
}
}
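Review bot: The two branches now leave different things in @idlist: the `else` branch pushes `$id`, a regex capture that taint mode treats as untainted, while the `id` branch still pushes the raw `$::FORM{'id'}` after `ValidateBugID($::FORM{'id'})`, which only untaints the pushed value if ValidateBugID rewrites its argument in place (not visible here; confirm). If it does, the single-id path should pass a lexical and push that, matching the other branch: `my $id = $::FORM{'id'}; ValidateBugID($id); push @idlist, $id;` — and if it does not, the single-id path carries a tainted value toward the later SQL under `-wT`. Either way a one-line comment naming which helper is relied on to detaint the ids would save the next reader this analysis. Separately, the pre-existing capture regex `/^id_([1-9][0-9]*)/` has no end anchor, so a key such as `id_12x` is accepted as bug 12; the new `my $id = $1;` now depends on that capture, so adding `$` there is worth considering.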
@@ -74,12 +82,6 @@ scalar(@idlist)
|| DisplayError("You did not select any bugs to modify.")
&& exit;
-# For each bug being modified, make sure its ID is a valid bug number
-# representing an existing bug that the user is authorized to access.
-foreach my $id (@idlist) {
- ValidateBugID($id);
-}
-
# If we are duping bugs, let's also make sure that we can change
# the original. This takes care of issue A on bug 96085.
if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
@@ -538,7 +540,7 @@ sub ChangeResolution {
my ($str) = (@_);
if ($str ne $::dontchange) {
DoComma();
- $::query .= "resolution = '$str'";
+ $::query .= "resolution = " . SqlQuote($str);
}
}
@@ -695,6 +697,8 @@ SWITCH: for ($::FORM{'knob'}) {
last SWITCH;
};
/^resolve$/ && CheckonComment( "resolve" ) && do {
+ # Check here, because its the only place we require the resolution
+ CheckFormField(\%::FORM, 'resolution', \@::settable_resolution);
ChangeStatus('RESOLVED');
ChangeResolution($::FORM{'resolution'});
last SWITCH;
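Review bot: The added comment `# Check here, because its the only place we require the resolution` has a typo ("its" → "it's") and does not state what the check protects: ChangeResolution (the hunk at L76-83) now quotes its argument with SqlQuote but performs no validation, so any caller passing form data has to validate first. Suggest: `# Validate here: "resolve" appears to be the only knob that hands a user-supplied resolution to ChangeResolution(), which quotes but does not validate its argument.` The enclosing SWITCH block starts and ends outside the hunk.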
@@ -1030,8 +1034,15 @@ The changes made were:
foreach my $i (split('[\s,]+', $::FORM{$target})) {
if ($i eq "") {
next;
+ }
+ my $orig = $i;
+ if (!detaint_natural($i)) {
+ PuntTryAgain("$orig is not a legal bug number");
}
+
+ # Don't use CanSeeBug, since we want to keep deps to bugs a
+ # user can't see
SendSQL("select bug_id from bugs where bug_id = " .
SqlQuote($i));
my $comp = FetchOneColumn();
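Review bot: `PuntTryAgain("$orig is not a legal bug number")` interpolates the rejected, untrusted form value into a message that PuntTryAgain presumably renders as part of an HTML page; if that helper does not escape its argument, the error page reflects user-controlled text verbatim. Running the value through the HTML-escaping helper the codebase uses elsewhere (`html_quote`, if it is in scope here) before building the message, or escaping inside PuntTryAgain, closes that off. The surrounding code also relies on `detaint_natural($i)` untainting `$i` in place so that the `SqlQuote($i)` below receives the cleaned value — the `$orig` copy shows that intent, but a comment would make it explicit: `# detaint_natural() untaints $i in place; $orig keeps the raw value for the error text only`. The enclosing foreach begins at L94 and its body continues outside the hunk.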
@@ -1049,7 +1060,8 @@ The changes made were:
my @stack = @{$deps{$target}};
while (@stack) {
my $i = shift @stack;
- SendSQL("select $target from dependencies where $me = $i");
+ SendSQL("select $target from dependencies where $me = " .
+ SqlQuote($i));
while (MoreSQLData()) {
my $t = FetchOneColumn();
if ($t == $id) {
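Review bot: `$i` is now quoted, but `$target` and `$me` are still interpolated into the statement as bare identifiers, so the query is only safe if both are chosen by the code from a fixed set of column names and never from form input; L94's `$::FORM{$target}` shows `$target` doubles as a form-field name, which makes that assumption worth stating rather than leaving implicit. Suggest a comment above the SendSQL: `# $target/$me are column names selected by the code, never from the form; only $i is user-derived.` — confirm against where they are assigned, which is outside the hunk, as is the start of the enclosing loop.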