diff options
-rw-r--r-- | CGI.pl | 3 | ||||
-rwxr-xr-x | buglist.cgi | 3 | ||||
-rwxr-xr-x | createattachment.cgi | 1 | ||||
-rwxr-xr-x | reports.cgi | 8 | ||||
-rwxr-xr-x | showattachment.cgi | 2 | ||||
-rwxr-xr-x | showdependencygraph.cgi | 1 |
6 files changed, 13 insertions, 5 deletions
@@ -842,6 +842,9 @@ sub CheckIfVotedConfirmed { sub DumpBugActivity { my ($id, $starttime) = (@_); my $datepart = ""; + + die "Invalid id: $id" unless $id=~/^\s*\d+\s*$/; + if (defined $starttime) { $datepart = "and bugs_activity.bug_when >= $starttime"; } diff --git a/buglist.cgi b/buglist.cgi index 43d46c7ea..75549e730 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -170,6 +170,7 @@ sub GenerateSQL { } if (defined $F{'sql'}) { + die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/; push(@wherepart, "( $F{'sql'} )"); } @@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") { $::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g; # Another backwards compatability hack. + die "Invalid order: $::FORM{'order'}" unless + $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/; ORDER: for ($::FORM{'order'}) { /\./ && do { # This (hopefully) already has fieldnames in it, so we're done. diff --git a/createattachment.cgi b/createattachment.cgi index 1eaf9b1ea..fa370d710 100755 --- a/createattachment.cgi +++ b/createattachment.cgi @@ -41,6 +41,7 @@ confirm_login(); print "Content-type: text/html\n\n"; my $id = $::FORM{'id'}; +die "invalid id: $id" unless $id=~/^\s*\d+\s*$/; PutHeader("Create an attachment", "Create attachment", "Bug $id"); diff --git a/reports.cgi b/reports.cgi index 6c8ededcf..805de8da9 100755 --- a/reports.cgi +++ b/reports.cgi @@ -206,7 +206,7 @@ and bugs.reporter = report.userid FIN if( $::FORM{'product'} ne "-All-" ) { - $query .= "and bugs.product='$::FORM{'product'}'"; + $query .= "and bugs.product=".SqlQuote($::FORM{'product'}); } $query .= <<FIN; @@ -572,7 +572,7 @@ sub most_doomed_for_milestone my $query; $query = "select distinct assigned_to from bugs where target_milestone=\"$ms\""; if( $::FORM{'product'} ne "-All-" ) { - $query .= "and bugs.product='$::FORM{'product'}'"; + $query .= "and bugs.product=".SqlQuote($::FORM{'product'}); } $query .= <<FIN; and @@ -600,7 +600,7 @@ FIN { my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\""; if( $::FORM{'product'} ne "-All-" ) { - $query .= "and bugs.product='$::FORM{'product'}'"; + $query .= "and bugs.product=".SqlQuote($::FORM{'product'})"; } $query .= <<FIN; and @@ -696,7 +696,7 @@ sub most_recently_doomed my $query; $query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')"; if( $::FORM{'product'} ne "-All-" ) { - $query .= "and bugs.product='$::FORM{'product'}'"; + $query .= "and bugs.product=".SqlQuote($::FORM{'product'}); } # End build up $query string diff --git a/showattachment.cgi b/showattachment.cgi index d5dcfb8df..4a1864b3b 100755 --- a/showattachment.cgi +++ b/showattachment.cgi @@ -29,7 +29,7 @@ ConnectToDatabase(); my @row; if (defined $::FORM{'attach_id'}) { - SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}"); + SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'}); @row = FetchSQLData(); } if (!@row) { diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index b15fe8d44..f15534be3 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -26,6 +26,7 @@ use strict; require "CGI.pl"; my $id = $::FORM{'id'}; +die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/; my $urlbase = Param("urlbase"); my %seen; |