summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xquery.cgi47
1 files changed, 25 insertions, 22 deletions
diff --git a/query.cgi b/query.cgi
index 120dca05e..2715b5549 100755
--- a/query.cgi
+++ b/query.cgi
@@ -23,6 +23,7 @@
# Matthias Radestock <matthias@sorted.org>
# Gervase Markham <gerv@gerv.net>
# Byron Jones <bugzilla@glob.com.au>
+# Max Kanat-Alexander <mkanat@kerio.com>
use strict;
use lib ".";
@@ -54,6 +55,7 @@ use vars qw(
);
my $cgi = Bugzilla->cgi;
+my $dbh = Bugzilla->dbh;
if (defined $::FORM{"GoAheadAndLogIn"}) {
# We got here from a login page, probably from relogin.cgi. We better
@@ -83,17 +85,20 @@ if ($userid) {
foreach my $ref (@oldquerycookies) {
my ($name, $cookiename, $value) = (@$ref);
if ($value) {
- my $qname = SqlQuote($name);
- SendSQL("LOCK TABLES namedqueries WRITE");
- SendSQL("SELECT query FROM namedqueries " .
- "WHERE userid = $userid AND name = $qname");
- my $query = FetchOneColumn();
+ # If the query name contains invalid characters, don't import.
+ $name =~ /[<>&]/ && next;
+ trick_taint($name);
+ $dbh->do("LOCK TABLES namedqueries WRITE");
+ my $query = $dbh->selectrow_array(
+ "SELECT query FROM namedqueries " .
+ "WHERE userid = ? AND name = ?",
+ undef, ($userid, $name));
if (!$query) {
- SendSQL("INSERT INTO namedqueries " .
+ $dbh->do("INSERT INTO namedqueries " .
"(userid, name, query) VALUES " .
- "($userid, $qname, " . SqlQuote($value) . ")");
+ "(?, ?, ?)", undef, ($userid, $name, $value));
}
- SendSQL("UNLOCK TABLES");
+ $dbh->do("UNLOCK TABLES");
}
$cgi->send_cookie(-name => $cookiename,
-expires => "Fri, 01-Jan-2038 00:00:00 GMT");
@@ -103,17 +108,19 @@ if ($userid) {
if ($::FORM{'nukedefaultquery'}) {
if ($userid) {
- SendSQL("DELETE FROM namedqueries " .
- "WHERE userid = $userid AND name = " . SqlQuote(DEFAULT_QUERY_NAME));
+ $dbh->do("DELETE FROM namedqueries" .
+ " WHERE userid = ? AND name = ?",
+ undef, ($userid, DEFAULT_QUERY_NAME));
}
$::buffer = "";
}
my $userdefaultquery;
if ($userid) {
- SendSQL("SELECT query FROM namedqueries " .
- "WHERE userid = $userid AND name = " . SqlQuote(DEFAULT_QUERY_NAME));
- $userdefaultquery = FetchOneColumn();
+ $userdefaultquery = $dbh->selectrow_array(
+ "SELECT query FROM namedqueries " .
+ "WHERE userid = ? AND name = ?",
+ undef, ($userid, DEFAULT_QUERY_NAME));
}
my %default;
@@ -389,15 +396,11 @@ $default{'charts'} = \@charts;
# Named queries
if ($userid) {
- my @namedqueries;
- SendSQL("SELECT name FROM namedqueries " .
- "WHERE userid = $userid AND name != " . SqlQuote(DEFAULT_QUERY_NAME) .
- "ORDER BY name");
- while (MoreSQLData()) {
- push(@namedqueries, FetchOneColumn());
- }
-
- $vars->{'namedqueries'} = \@namedqueries;
+ $vars->{'namedqueries'} = $dbh->selectcol_arrayref(
+ "SELECT name FROM namedqueries " .
+ "WHERE userid = ? AND name != ?" .
+ "ORDER BY name",
+ undef, ($userid, DEFAULT_QUERY_NAME));
}
# Sort order