summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CGI.pl3
-rwxr-xr-xbuglist.cgi3
-rwxr-xr-xcreateattachment.cgi1
-rwxr-xr-xreports.cgi8
-rwxr-xr-xshowattachment.cgi2
-rwxr-xr-xshowdependencygraph.cgi1
6 files changed, 13 insertions, 5 deletions
diff --git a/CGI.pl b/CGI.pl
index 8f80826d2..c8dc98e2c 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -842,6 +842,9 @@ sub CheckIfVotedConfirmed {
sub DumpBugActivity {
my ($id, $starttime) = (@_);
my $datepart = "";
+
+ die "Invalid id: $id" unless $id=~/^\s*\d+\s*$/;
+
if (defined $starttime) {
$datepart = "and bugs_activity.bug_when >= $starttime";
}
diff --git a/buglist.cgi b/buglist.cgi
index 43d46c7ea..75549e730 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -170,6 +170,7 @@ sub GenerateSQL {
}
if (defined $F{'sql'}) {
+ die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
push(@wherepart, "( $F{'sql'} )");
}
@@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
$::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
# Another backwards compatability hack.
+ die "Invalid order: $::FORM{'order'}" unless
+ $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
ORDER: for ($::FORM{'order'}) {
/\./ && do {
# This (hopefully) already has fieldnames in it, so we're done.
diff --git a/createattachment.cgi b/createattachment.cgi
index 1eaf9b1ea..fa370d710 100755
--- a/createattachment.cgi
+++ b/createattachment.cgi
@@ -41,6 +41,7 @@ confirm_login();
print "Content-type: text/html\n\n";
my $id = $::FORM{'id'};
+die "invalid id: $id" unless $id=~/^\s*\d+\s*$/;
PutHeader("Create an attachment", "Create attachment", "Bug $id");
diff --git a/reports.cgi b/reports.cgi
index 6c8ededcf..805de8da9 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -206,7 +206,7 @@ and bugs.reporter = report.userid
FIN
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
@@ -572,7 +572,7 @@ sub most_doomed_for_milestone
my $query;
$query = "select distinct assigned_to from bugs where target_milestone=\"$ms\"";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
and
@@ -600,7 +600,7 @@ FIN
{
my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\"";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'})";
}
$query .= <<FIN;
and
@@ -696,7 +696,7 @@ sub most_recently_doomed
my $query;
$query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
# End build up $query string
diff --git a/showattachment.cgi b/showattachment.cgi
index d5dcfb8df..4a1864b3b 100755
--- a/showattachment.cgi
+++ b/showattachment.cgi
@@ -29,7 +29,7 @@ ConnectToDatabase();
my @row;
if (defined $::FORM{'attach_id'}) {
- SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}");
+ SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'});
@row = FetchSQLData();
}
if (!@row) {
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index b15fe8d44..f15534be3 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -26,6 +26,7 @@ use strict;
require "CGI.pl";
my $id = $::FORM{'id'};
+die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
my $urlbase = Param("urlbase");
my %seen;