Bug 356328: $rankdir should be validated in showdependencygraph.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=bkor a=myk

author: lpsolit%gmail.com <> 2006-10-21 08:21:08 +0200
committer: lpsolit%gmail.com <> 2006-10-21 08:21:08 +0200
commit: a39a4ef297b2435cbd4a4ef50d459b68c8bb6106 (patch)
tree: 6331e2b53305d1dd8fb4a4ee7eab4bbbfdbbe42b /showdependencygraph.cgi
parent: eedbd699a1aa0f44e7dda37b4d524902a864b783 (diff)
download: bugzilla-a39a4ef297b2435cbd4a4ef50d459b68c8bb6106.tar.gz
bugzilla-a39a4ef297b2435cbd4a4ef50d459b68c8bb6106.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index e483fd0f8..2cea9b2f2 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -96,7 +96,16 @@ sub AddLink {
     }
 }
 
+# The list of valid directions. Some are not proposed in the dropdrown
+# menu despite they are valid ones.
+my @valid_rankdirs = ('LR', 'RL', 'TB', 'BT');
+
 my $rankdir = $cgi->param('rankdir') || "LR";
+# Make sure the submitted 'rankdir' value is valid.
+if (lsearch(\@valid_rankdirs, $rankdir) < 0) {
+    $rankdir = 'LR';
+}
+
 my $webdotdir = bz_locations()->{'webdotdir'};
 
 if (!defined $cgi->param('id') && !defined $cgi->param('doall')) {
author	lpsolit%gmail.com <>	2006-10-21 08:21:08 +0200
committer	lpsolit%gmail.com <>	2006-10-21 08:21:08 +0200
commit	a39a4ef297b2435cbd4a4ef50d459b68c8bb6106 (patch)
tree	6331e2b53305d1dd8fb4a4ee7eab4bbbfdbbe42b /showdependencygraph.cgi
parent	eedbd699a1aa0f44e7dda37b4d524902a864b783 (diff)
download	bugzilla-a39a4ef297b2435cbd4a4ef50d459b68c8bb6106.tar.gz bugzilla-a39a4ef297b2435cbd4a4ef50d459b68c8bb6106.tar.xz