summaryrefslogtreecommitdiffstats
path: root/processmail
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2001-07-04 13:41:27 +0200
committerjustdave%syndicomm.com <>2001-07-04 13:41:27 +0200
commit6470353dd6731b8ef37d056dd7e7f4b2549d2f22 (patch)
treeb86542309e02832cd4aab719a9f230605157a6c2 /processmail
parent739565fdef5d8b71cbc01f10a255ad3401a10b25 (diff)
downloadbugzilla-6470353dd6731b8ef37d056dd7e7f4b2549d2f22.tar.gz
bugzilla-6470353dd6731b8ef37d056dd7e7f4b2549d2f22.tar.xz
Fix for bug 59349: Processmail now runs in taint (perl -T and $db->{Taint}=1) mode. Hooks also added to globals.pl to make converting other files in Bugzilla to run in Taint mode easier.
Patch by Jake Steenhagen <jake@acutex.net> r= justdave@syndicomm.com
Diffstat (limited to 'processmail')
-rwxr-xr-xprocessmail40
1 files changed, 33 insertions, 7 deletions
diff --git a/processmail b/processmail
index de0f4c7fe..0fcdbbdde 100755
--- a/processmail
+++ b/processmail
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -27,11 +27,19 @@
use diagnostics;
use strict;
+use lib ".";
require "globals.pl";
use RelationSet;
+
+# Shut up misguided -w warnings about "used only once".
+sub processmail_sillyness {
+ my $zz;
+ $zz = $::db;
+}
+
$| = 1;
umask(0);
@@ -102,6 +110,10 @@ sub ProcessOneBug {
$values{$i} = shift(@row);
}
my ($start, $end) = (@row);
+ # $start and $end are considered safe because users can't touch them
+ $start = detaint_string($start);
+ $end = detaint_string($end);
+
my $ccSet = new RelationSet();
$ccSet->mergeFromDB("SELECT who FROM cc WHERE bug_id = $id");
$values{'cc'} = $ccSet->toString();
@@ -471,22 +483,20 @@ sub filterEmailGroup ($$$) {
foreach my $person (@emailList) {
- my $userid;
my $lastCount = @filteredList;
if ( $person eq '' ) { next; }
- SendSQL("SELECT userid FROM profiles WHERE login_name = "
- . SqlQuote($person) );
+ my $userid = DBname_to_id($person);
- if ( !($userid = FetchSQLData()) ) {
+ if ( ! $userid ) {
push(@filteredList,$person);
next;
}
SendSQL("SELECT emailflags FROM profiles WHERE " .
"userid = $userid" );
-
+
my ($userFlagString) = FetchSQLData();
# If the sender doesn't want email, exclude them from list
@@ -622,6 +632,12 @@ sub NewProcessOnePerson ($$$$$$$$$$) {
return;
}
+ # Sanitize $values{'groupset'}
+ if ($values{'groupset'} =~ m/(\d+)/) {
+ $values{'groupset'} = $1;
+ } else {
+ $values{'groupset'} = 0;
+ }
SendSQL("SELECT userid, groupset & $values{'groupset'} " .
"FROM profiles WHERE login_name = " . SqlQuote($person));
my ($userid, $groupset) = (FetchSQLData());
@@ -706,6 +722,9 @@ sub NewProcessOnePerson ($$$$$$$$$$) {
# Code starts here
ConnectToDatabase();
+# Set Taint mode for the SQL
+$::db->{Taint} = 1;
+# ^^^ Taint mode is still a work in progress...
GetVersionTable();
if (open(FID, "<data/nomail")) {
@@ -762,7 +781,14 @@ if ($ARGV[0] eq "rescanall") {
ProcessOneBug($ARGV[0]);
}
} else {
- ProcessOneBug($ARGV[0]);
+ my $bugnum;
+ if ($ARGV[0] =~ m/^([1-9][0-9]*)$/) {
+ $bugnum = $1;
+ } else {
+ print "Error calling processmail (bug id is not an integer)<br>\n";
+ exit;
+ }
+ ProcessOneBug($bugnum);
}
exit;