-rw-r--r-- | Bugzilla/Search.pm | 105 |
1 files changed, 56 insertions, 49 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 3e28b6d8e..9f3d0213d 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -294,9 +294,10 @@ sub init { } if ($chfieldfrom ne '' || $chfieldto ne '') { - my $sql_chfrom = $chfieldfrom ? &::SqlQuote(SqlifyDate($chfieldfrom)):''; - my $sql_chto = $chfieldto ? &::SqlQuote(SqlifyDate($chfieldto)) :''; - my $sql_chvalue = $chvalue ne '' ? &::SqlQuote($chvalue) : ''; + my $sql_chfrom = $chfieldfrom ? $dbh->quote(SqlifyDate($chfieldfrom)):''; + my $sql_chto = $chfieldto ? $dbh->quote(SqlifyDate($chfieldto)) :''; + my $sql_chvalue = $chvalue ne '' ? $dbh->quote($chvalue) : ''; + trick_taint($sql_chvalue); if(!@chfield) { push(@wherepart, "bugs.delta_ts >= $sql_chfrom") if ($sql_chfrom); push(@wherepart, "bugs.delta_ts <= $sql_chto") if ($sql_chto); @@ -354,7 +355,8 @@ sub init { validate_date($deadlinefrom) || ThrowUserError('illegal_date', {date => $deadlinefrom, format => 'YYYY-MM-DD'}); - $sql_deadlinefrom = &::SqlQuote($deadlinefrom); + $sql_deadlinefrom = $dbh->quote($deadlinefrom); + trick_taint($sql_deadlinefrom); push(@wherepart, "bugs.deadline >= $sql_deadlinefrom"); } @@ -363,7 +365,8 @@ sub init { validate_date($deadlineto) || ThrowUserError('illegal_date', {date => $deadlineto, format => 'YYYY-MM-DD'}); - $sql_deadlineto = &::SqlQuote($deadlineto); + $sql_deadlineto = $dbh->quote($deadlineto); + trick_taint($sql_deadlineto); push(@wherepart, "bugs.deadline <= $sql_deadlineto"); } } @@ -374,7 +377,8 @@ sub init { my $s = trim($params->param($f)); if ($s ne "") { my $n = $f; - my $q = &::SqlQuote($s); + my $q = $dbh->quote($s); + trick_taint($q); my $type = $params->param($f . "_type"); push(@specialchart, [$f, $type, $s]); } 
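Review bot: `trick_taint($sql_chvalue)` untaints the value solely because `$dbh->quote()` has just escaped it, yet nothing at the call site records that this ordering is what makes the untaint safe; the same quote-then-untaint pair recurs in the 354, 363, 751, 1061, 1295 and 1523 hunks. A one-line comment at this first occurrence, `# untaint only AFTER quoting: the value is safe to interpolate into SQL because $dbh->quote() escaped it`, protects the pattern against being reordered or applied to the raw input later. Conversely `$sql_chfrom`/`$sql_chto` here, and the `$dbh->quote(SqlifyDate($v))` sites in the 556, 629, 698, 805 and 1102 hunks, skip the untaint; if that is because SqlifyDate always returns a freshly formatted string rather than its argument, saying so in a comment on SqlifyDate would explain the asymmetry. init begins and ends outside this hunk.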
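Review bot: In the 374 hunk, `my $q = $dbh->quote($s); trick_taint($q);` is dead work: `$q` is declared inside the `if ($s ne "")` block, the only statement after it pushes `[$f, $type, $s]` (the raw `$s`, not `$q`), and the block closes on the very next line, so the quoted value is never read. The pre-existing `my $n = $f;` is unused in the same way. Dropping the two `$q` lines (and `$n`) removes a misleading hint that `$s` has been sanitized at this point. The enclosing loop starts outside the hunk.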
@@ -556,13 +560,13 @@ sub init { my $table = "longdescs_$chartid"; push(@supptables, "INNER JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id"); - $term = "$table.bug_when < " . &::SqlQuote(SqlifyDate($v)); + $term = "$table.bug_when < " . $dbh->quote(SqlifyDate($v)); }, "^long_?desc,changedafter" => sub { my $table = "longdescs_$chartid"; push(@supptables, "INNER JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id"); - $term = "$table.bug_when > " . &::SqlQuote(SqlifyDate($v)); + $term = "$table.bug_when > " . $dbh->quote(SqlifyDate($v)); }, "^content,matches" => sub { # "content" is an alias for columns containing text for which we @@ -629,7 +633,7 @@ sub init { }, "^deadline,(?:lessthan|greaterthan|equals|notequals),(-|\\+)?(\\d+)([dDwWmMyY])\$" => sub { $v = SqlifyDate($v); - $q = &::SqlQuote($v); + $q = $dbh->quote($v); }, "^commenter,(?:equals|anyexact),(%\\w+%)" => sub { my $match = pronoun($1, $user); @@ -698,14 +702,14 @@ sub init { my $table = "longdescs_$chartid"; push(@supptables, "INNER JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id"); - $term = "(($table.bug_when < " . &::SqlQuote(SqlifyDate($v)); + $term = "(($table.bug_when < " . $dbh->quote(SqlifyDate($v)); $term .= ") AND ($table.work_time <> 0))"; }, "^work_time,changedafter" => sub { my $table = "longdescs_$chartid"; push(@supptables, "INNER JOIN longdescs AS $table " . "ON $table.bug_id = bugs.bug_id"); - $term = "(($table.bug_when > " . &::SqlQuote(SqlifyDate($v)); + $term = "(($table.bug_when > " . $dbh->quote(SqlifyDate($v)); $term .= ") AND ($table.work_time <> 0))"; }, "^work_time," => sub { 
@@ -751,12 +755,14 @@ sub init { COUNT(DISTINCT $table.bug_when) / COUNT(bugs.bug_id)) + bugs.remaining_time)))"; + $q = $dbh->quote($v); + trick_taint($q); if ($t eq "regexp") { - push(@having, $dbh->sql_regexp($expression, &::SqlQuote($v))); + push(@having, $dbh->sql_regexp($expression, $q)); } elsif ($t eq "notregexp") { - push(@having, $dbh->sql_not_regexp($expression, &::SqlQuote($v))); + push(@having, $dbh->sql_not_regexp($expression, $q)); } else { - push(@having, "$expression $oper " . &::SqlQuote($v)); + push(@having, "$expression $oper " . $q); } push(@groupby, "bugs.remaining_time"); } @@ -805,17 +811,17 @@ sub init { my $field = $1; if ($t eq "changedby") { $v = login_to_id($v, THROW_ERROR); - $q = &::SqlQuote($v); + $q = $dbh->quote($v); $field = "submitter_id"; $t = "equals"; } elsif ($t eq "changedbefore") { $v = SqlifyDate($v); - $q = &::SqlQuote($v); + $q = $dbh->quote($v); $field = "creation_ts"; $t = "lessthan"; } elsif ($t eq "changedafter") { $v = SqlifyDate($v); - $q = &::SqlQuote($v); + $q = $dbh->quote($v); $field = "creation_ts"; $t = "greaterthan"; } @@ -1061,7 +1067,9 @@ sub init { if ($w eq "---" && $f !~ /milestone/) { $w = ""; } - push(@list, &::SqlQuote($w)); + $q = $dbh->quote($w); + trick_taint($q); + push(@list, $q); } if (@list) { $term = "$ff IN (" . join (',', @list) . ")"; @@ -1102,7 +1110,7 @@ sub init { "ON $table.bug_id = bugs.bug_id " . "AND $table.fieldid = $fieldid " . "AND $table.bug_when $operator " . - &::SqlQuote(SqlifyDate($v)) ); + $dbh->quote(SqlifyDate($v)) ); $term = "($table.bug_when IS NOT NULL)"; }, ",(changedfrom|changedto)" => sub { 
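Review bot: In the 1061 hunk the loop that builds the IN list reassigns the closure-shared `$q` — described later in this commit as the quoted form of the current term's `$v` — as a scratch variable for each `$w`, so after the loop `$q` holds the quoted last list element rather than the quoted `$v`. Nothing inside the hunk reads `$q` afterwards, but the closure continues outside it; a block lexical removes the question: `my $quoted = $dbh->quote($w); trick_taint($quoted); push(@list, $quoted);`. The 751 hunk likewise overwrites `$q` with `$dbh->quote($v)`; if `$q` already holds exactly that value when the closure runs (the 1295 hunk assigns it before dispatch), the re-quote there is redundant and the existing `$q` could be used as-is — confirm the execution order.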
@@ -1249,7 +1257,7 @@ sub init { # e.g. bugs_activity.bug_id # $t = type of query. e.g. "equal to", "changed after", case sensitive substr" # $v = value - value the user typed in to the form -# $q = sanitized version of user input (SqlQuote($v)) +# $q = sanitized version of user input trick_taint(($dbh->quote($v))) # @supptables = Tables and/or table aliases used in query # %suppseen = A hash used to store all the tables in supptables to weed # out duplicates. @@ -1258,11 +1266,8 @@ sub init { # $suppstring = String which is pasted into query containing all table names # get a list of field names to verify the user-submitted chart fields against - &::SendSQL("SELECT name, fieldid FROM fielddefs"); - while (&::MoreSQLData()) { - my ($name, $id) = &::FetchSQLData(); - $chartfields{$name} = $id; - } + %chartfields = @{$dbh->selectcol_arrayref( + q{SELECT name, fieldid FROM fielddefs}, { Columns=>[1,2] })}; $row = 0; for ($chart=-1 ; @@ -1295,7 +1300,8 @@ sub init { # already know about it), or it was in %chartfields, so it is # a valid field name, which means that it's ok. trick_taint($f); - $q = &::SqlQuote($v); + $q = $dbh->quote($v); + trick_taint($q); my $rhs = $v; $rhs =~ tr/,//; my $func; 
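Review bot: The updated comment `# $q = sanitized version of user input trick_taint(($dbh->quote($v)))` has doubled parentheses and reads as if trick_taint() returned the quoted value, whereas the 1295 hunk calls it as a separate statement on `$q`, i.e. it evidently modifies its argument in place. Suggest `# $q = $v quoted with $dbh->quote() and then untainted in place via trick_taint()`. The `%chartfields` rewrite in the 1258 hunk relies on `{ Columns => [1,2] }` flattening name/fieldid pairs into a hash-ready list, which is valid DBI usage but unusual enough to deserve a short comment, e.g. `# Columns => [1,2] returns (name, fieldid, name, fieldid, ...), which list-assigns straight into the hash`.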
@@ -1523,24 +1529,24 @@ sub ListIDsForEmail { } $list = join(',', @list); } elsif ($type eq 'substring') { - &::SendSQL("SELECT userid FROM profiles WHERE " . - $dbh->sql_position(lc(::SqlQuote($email)), "LOWER(login_name)") . - " > 0 " . $dbh->sql_limit(51)); - while (&::MoreSQLData()) { - my ($id) = &::FetchSQLData(); - push(@list, $id); - } + my $sql_email = $dbh->quote($email); + trick_taint($sql_email); + my $result = $dbh->selectcol_arrayref( + q{SELECT userid FROM profiles WHERE } . + $dbh->sql_position(lc($sql_email), q{LOWER(login_name)}) . + q{ > 0 } . $dbh->sql_limit(51)); + @list = @{$result}; if (scalar(@list) < 50) { $list = join(',', @list); } } elsif ($type eq 'regexp') { - &::SendSQL("SELECT userid FROM profiles WHERE " . - $dbh->sql_regexp("login_name", ::SqlQuote($email)) . - " " . $dbh->sql_limit(51)); - while (&::MoreSQLData()) { - my ($id) = &::FetchSQLData(); - push(@list, $id); - } + my $sql_email = $dbh->quote($email); + trick_taint($sql_email); + my $result = $dbh->selectcol_arrayref( + qq{SELECT userid FROM profiles WHERE } . + $dbh->sql_regexp("login_name", $sql_email) . + q{ } . $dbh->sql_limit(51)); + @list = @{$result}; if (scalar(@list) < 50) { $list = join(',', @list); } @@ -1554,13 +1560,10 @@ sub build_subselect { my ($outer, $inner, $table, $cond) = @_; my $q = "SELECT $inner FROM $table WHERE $cond"; #return "$outer IN ($q)"; - &::SendSQL($q); - my @list; - while (&::MoreSQLData()) { - push (@list, &::FetchOneColumn()); - } - return "1=2" unless @list; # Could use boolean type on dbs which support it - return "$outer IN (" . join(',', @list) . ")"; + my $dbh = Bugzilla->dbh; + my $list = $dbh->selectcol_arrayref($q); + return "1=2" unless @$list; # Could use boolean type on dbs which support it + return "$outer IN (" . join(',', @$list) . ")"; } sub GetByWordList { 
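Review bot: In the regexp branch of the 1523 hunk the SQL fragment is written `qq{SELECT userid FROM profiles WHERE }` although nothing in it is interpolated; the substring branch directly above uses `q{...}` for the same kind of literal, so `q{}` keeps the two branches parallel. Both branches also repeat the identical `my $sql_email = $dbh->quote($email); trick_taint($sql_email);` pair; computing it once above the `if` chain (or in a tiny helper) avoids the duplication. ListIDsForEmail begins outside the hunk.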
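Review bot: In the 1554 hunk `return "1=2" unless @$list;` dereferences the result of `selectcol_arrayref($q)` unconditionally, so if the handle is not in RaiseError mode a failed statement returns undef and the sub dies with "Can't use an undefined value as an ARRAY reference" instead of a database error. That is moot if `Bugzilla->dbh` is always created with RaiseError on, which the page does not show — confirm, or add `// []` with a comment stating the assumption, e.g. `my $list = $dbh->selectcol_arrayref($q) // [];   # dbh is RaiseError, undef should be unreachable`.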
@@ -1572,7 +1575,8 @@ sub GetByWordList { my $word = $w; if ($word ne "") { $word =~ tr/A-Z/a-z/; - $word = &::SqlQuote(quotemeta($word)); + $word = $dbh->quote(quotemeta($word)); + trick_taint($word); $word =~ s/^'//; $word =~ s/'$//; $word = '(^|[^a-z0-9])' . $word . '($|[^a-z0-9])'; @@ -1588,10 +1592,13 @@ sub GetByWordListSubstr { my ($field, $strs) = (@_); my @list; my $dbh = Bugzilla->dbh; + my $sql_word; foreach my $word (split(/[\s,]+/, $strs)) { if ($word ne "") { - push(@list, $dbh->sql_position(lc(::SqlQuote($word)), + $sql_word = $dbh->quote($word); + trick_taint($word); + push(@list, $dbh->sql_position(lc($sql_word), "LOWER($field)") . " > 0"); } } |
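Review bot: After `$word = $dbh->quote(quotemeta($word)); trick_taint($word);` the two substitutions `s/^'//` and `s/'$//` assume the driver's quote() wraps the value in plain single quotes and adds nothing else, which held for Bugzilla's own SqlQuote but is now a property of whichever DBD is in use. A comment would make the dependency visible, e.g. `# strip the quotes $dbh->quote() added so the escaped text can be embedded in the larger regex literal below (assumes plain '...' quoting)`. `$dbh` is not declared within the hunk and GetByWordList's header lies outside it, so confirm the sub obtains `my $dbh = Bugzilla->dbh;` as GetByWordListSubstr does in the next hunk.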
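Review bot: In the 1588 hunk `trick_taint($word);` untaints the raw `$word` instead of `$sql_word`, the quoted string that is actually interpolated into the SQL via `lc($sql_word)`; under taint mode `$sql_word` stays tainted and the statement will be refused, while the input value loses its taint for no benefit. Change the two lines to `my $sql_word = $dbh->quote($word); trick_taint($sql_word);` inside the loop and drop the hoisted `my $sql_word;` declaration, which only widens the variable's scope. The sub continues past the end of the hunk.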