diff options
-rw-r--r-- | Bugzilla/Constants.pm | 2 | ||||
-rw-r--r-- | Bugzilla/FlagType.pm | 14 | ||||
-rw-r--r-- | Bugzilla/Search.pm | 4 | ||||
-rw-r--r-- | Bugzilla/Template.pm | 2 | ||||
-rwxr-xr-x | editflagtypes.cgi | 3 | ||||
-rwxr-xr-x | jobqueue.pl | 8 |
6 files changed, 26 insertions, 7 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 78336818f..d0770cf73 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.1"; +use constant BUGZILLA_VERSION => "4.2.1+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 9541d9340..5fc00e137 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -686,7 +686,10 @@ sub sqlify_criteria { } if ($criteria->{product_id}) { my $product_id = $criteria->{product_id}; - + detaint_natural($product_id) + || ThrowCodeError('bad_arg', { argument => 'product_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + # Add inclusions to the query, which simply involves joining the table # by flag type ID and target product/component. push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id"); @@ -703,6 +706,10 @@ sub sqlify_criteria { my $addl_join_clause = ""; if ($criteria->{component_id}) { my $component_id = $criteria->{component_id}; + detaint_natural($component_id) + || ThrowCodeError('bad_arg', { argument => 'component_id', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)"); $join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) "; } @@ -716,7 +723,10 @@ sub sqlify_criteria { } if ($criteria->{group}) { my $gid = $criteria->{group}; - detaint_natural($gid); + detaint_natural($gid) + || ThrowCodeError('bad_arg', { argument => 'group', + function => 'Bugzilla::FlagType::sqlify_criteria' }); + push(@criteria, "(flagtypes.grant_group_id = $gid " . " OR flagtypes.request_group_id = $gid)"); } diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 6f1061e2c..e70933db0 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -1747,9 +1747,9 @@ sub do_search_function { sub _do_operator_function { my ($self, $func_args) = @_; my $operator = $func_args->{operator}; - my $operator_func = OPERATORS->{$$operator} + my $operator_func = OPERATORS->{$operator} || ThrowCodeError("search_field_operator_unsupported", - { operator => $$operator }); + { operator => $operator }); $self->$operator_func($func_args); } diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index f069b19d2..870053b46 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -69,7 +69,7 @@ use constant FORMAT_2_SIZE => [19,55]; # Pseudo-constant. sub SAFE_URL_REGEXP { my $safe_protocols = join('|', SAFE_PROTOCOLS); - return qr/($safe_protocols):[^\s<>\"]+[\w\/]/i; + return qr/($safe_protocols):[^:\s<>\"][^\s<>\"]+[\w\/]/i; } # Convert the constants in the Bugzilla::Constants module into a hash we can diff --git a/editflagtypes.cgi b/editflagtypes.cgi index d78942c07..d75bebba2 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -156,6 +156,9 @@ if ($action eq 'list') { my $component_id = $component ? $component->id : 0; my $show_flag_counts = $cgi->param('show_flag_counts') ? 1 : 0; my $group_id = $cgi->param('group'); + if ($group_id) { + detaint_natural($group_id) || ThrowUserError('invalid_group_ID'); + } my $bug_flagtypes; my $attach_flagtypes; diff --git a/jobqueue.pl b/jobqueue.pl index 3d495c422..775fe8dd6 100755 --- a/jobqueue.pl +++ b/jobqueue.pl @@ -22,8 +22,14 @@ # Max Kanat-Alexander <mkanat@bugzilla.org> use strict; + +use Cwd qw(abs_path); use File::Basename; -BEGIN { chdir dirname($0); } +BEGIN { + # Untaint the abs_path. + my ($a) = abs_path($0) =~ /^(.*)$/; + chdir dirname($a); +} use lib qw(. lib); use Bugzilla; |