-rw-r--r--Bugzilla/Constants.pm2
-rw-r--r--Bugzilla/FlagType.pm14
-rw-r--r--Bugzilla/Search.pm4
-rw-r--r--Bugzilla/Template.pm2
-rwxr-xr-xeditflagtypes.cgi3
-rwxr-xr-xjobqueue.pl8
6 files changed, 26 insertions, 7 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 78336818f..d0770cf73 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -202,7 +202,7 @@ use Memoize;
# CONSTANTS
#
# Bugzilla version
-use constant BUGZILLA_VERSION => "4.2.1";
+use constant BUGZILLA_VERSION => "4.2.1+";
# Location of the remote and local XML files to track new releases.
use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index 9541d9340..5fc00e137 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -686,7 +686,10 @@ sub sqlify_criteria {
}
if ($criteria->{product_id}) {
my $product_id = $criteria->{product_id};
-
+ detaint_natural($product_id)
+ || ThrowCodeError('bad_arg', { argument => 'product_id',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
# Add inclusions to the query, which simply involves joining the table
# by flag type ID and target product/component.
push(@$tables, "INNER JOIN flaginclusions AS i ON flagtypes.id = i.type_id");
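Review bot: The validation added for product_id here is pasted verbatim for component_id and group in the two following hunks, differing only in the argument name, so the error site is now spelled out three times; a small private helper that wraps detaint_natural and ThrowCodeError would keep the three sites consistent and make the intent readable at a glance. The validated values are still interpolated directly into SQL text (`i.component_id = $component_id` and `flagtypes.grant_group_id = $gid` are visible in the next hunks), which is sound only because detaint_natural reduces the value to an integer; that reasoning is worth recording with `# detaint_natural() has reduced $product_id to an integer, so interpolating it into SQL below is safe.` at each site. sqlify_criteria itself starts before this hunk.
```perl
# Untaint a criteria value as a natural number, or die with a code error
# naming the offending argument.  Returns the untainted value.
sub _natural_or_throw {
    my ($value, $name) = @_;
    detaint_natural($value)
      || ThrowCodeError('bad_arg', { argument => $name,
                                     function => 'Bugzilla::FlagType::sqlify_criteria' });
    return $value;
}
# … unchanged: start of sqlify_criteria …
    if ($criteria->{product_id}) {
        my $product_id = _natural_or_throw($criteria->{product_id}, 'product_id');
# … unchanged: inclusion/exclusion joins …
```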
@@ -703,6 +706,10 @@ sub sqlify_criteria {
my $addl_join_clause = "";
if ($criteria->{component_id}) {
my $component_id = $criteria->{component_id};
+ detaint_natural($component_id)
+ || ThrowCodeError('bad_arg', { argument => 'component_id',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
push(@criteria, "(i.component_id = $component_id OR i.component_id IS NULL)");
$join_clause .= "AND (e.component_id = $component_id OR e.component_id IS NULL) ";
}
@@ -716,7 +723,10 @@ sub sqlify_criteria {
}
if ($criteria->{group}) {
my $gid = $criteria->{group};
- detaint_natural($gid);
+ detaint_natural($gid)
+ || ThrowCodeError('bad_arg', { argument => 'group',
+ function => 'Bugzilla::FlagType::sqlify_criteria' });
+
push(@criteria, "(flagtypes.grant_group_id = $gid " .
" OR flagtypes.request_group_id = $gid)");
}
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 6f1061e2c..e70933db0 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1747,9 +1747,9 @@ sub do_search_function {
sub _do_operator_function {
my ($self, $func_args) = @_;
my $operator = $func_args->{operator};
- my $operator_func = OPERATORS->{$$operator}
+ my $operator_func = OPERATORS->{$operator}
|| ThrowCodeError("search_field_operator_unsupported",
- { operator => $$operator });
+ { operator => $operator });
$self->$operator_func($func_args);
}
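Review bot: `_do_operator_function` still carries no comment saying why a missing OPERATORS entry is a code error rather than a user error; presumably the operator has been validated before this private helper is reached, and that assumption deserves a line such as `# An operator absent from OPERATORS is a programming error: the operator is expected to have been validated before dispatch reaches here.` The `||` lookup also treats a present-but-false entry as unsupported; if the map only holds method names that is harmless, but `exists OPERATORS->{$operator}` would state the intent precisely and would not misfire on a false value.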
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index f069b19d2..870053b46 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -69,7 +69,7 @@ use constant FORMAT_2_SIZE => [19,55];
# Pseudo-constant.
sub SAFE_URL_REGEXP {
my $safe_protocols = join('|', SAFE_PROTOCOLS);
- return qr/($safe_protocols):[^\s<>\"]+[\w\/]/i;
+ return qr/($safe_protocols):[^:\s<>\"][^\s<>\"]+[\w\/]/i;
}
# Convert the constants in the Bugzilla::Constants module into a hash we can
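Review bot: The new first-character class `[^:\s<>\"]` is undocumented, so a later reader cannot tell why a colon directly after the scheme is now rejected (presumably to stop a safe scheme being used as a prefix for a `scheme::...` form); a comment stating that intent should accompany the change, since the regex is the only guard SAFE_URL_REGEXP offers. The change also raises the minimum length after the colon from two characters to three, because the second class keeps its `+`; if that tightening is not intended, `return qr/($safe_protocols):[^:\s<>\"][^\s<>\"]*[\w\/]/i;` restores the previous minimum while keeping the new colon exclusion.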
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index d78942c07..d75bebba2 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -156,6 +156,9 @@ if ($action eq 'list') {
my $component_id = $component ? $component->id : 0;
my $show_flag_counts = $cgi->param('show_flag_counts') ? 1 : 0;
my $group_id = $cgi->param('group');
+ if ($group_id) {
+ detaint_natural($group_id) || ThrowUserError('invalid_group_ID');
+ }
my $bug_flagtypes;
my $attach_flagtypes;
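Review bot: The new check is correct for a query-string value but records nothing about why it is needed, and the `if ($group_id)` guard means an empty or `0` value is silently accepted rather than validated, which reads as an oversight without a note; a comment such as `# 'group' comes straight from the query string and is presumably passed on as a search criterion, so it must be a natural number; an absent or zero value means "no group filter".` would settle both points for the next reader. Throwing a user error here, as opposed to the code error used inside Bugzilla::FlagType for the same condition, is the right split (user-supplied input versus caller bug), and is worth saying in the same comment.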
diff --git a/jobqueue.pl b/jobqueue.pl
index 3d495c422..775fe8dd6 100755
--- a/jobqueue.pl
+++ b/jobqueue.pl
@@ -22,8 +22,14 @@
# Max Kanat-Alexander <mkanat@bugzilla.org>
use strict;
+
+use Cwd qw(abs_path);
use File::Basename;
-BEGIN { chdir dirname($0); }
+BEGIN {
+ # Untaint the abs_path.
+ my ($a) = abs_path($0) =~ /^(.*)$/;
+ chdir dirname($a);
+}
use lib qw(. lib);
use Bugzilla;
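Review bot: `my ($a) = …` lexicalizes `$a`, the package variable that sort blocks rely on; it is harmless inside this BEGIN block but perlcritic flags it and it reads as a mistake, so a descriptive name is preferable: `my ($script_path) = abs_path($0) =~ /^(.*)$/s;` followed by `chdir dirname($script_path) or die "chdir: $!";`. The `/s` matters because without it a path containing a newline fails the match, leaving the capture undef and dirname warning; abs_path may likewise return undef if `$0` cannot be resolved, which the blanket untaint pattern does not distinguish. Checking chdir is pre-existing debt rather than new in this hunk, but a silent failure here leaves the `use lib qw(. lib)` on the next line pointing at whatever directory the daemon happened to be started from.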