summaryrefslogtreecommitdiffstats
path: root/buglist.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-xbuglist.cgi24
1 files changed, 24 insertions, 0 deletions
diff --git a/buglist.cgi b/buglist.cgi
index d49e7ed25..d74563f25 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -639,7 +639,14 @@ sub GenerateSQL {
push(@funcnames, $key);
}
+ # first we delete any sign of "Chart #-1" from the HTML form hash
+ # since we want to guarantee the user didn't hide something here
+ my @badcharts = grep /^(field|type|value)-1-/, (keys %F);
+ foreach my $field (@badcharts) {
+ delete $F{$field};
+ }
+ # now we take our special chart and stuff it into the form hash
my $chart = -1;
my $row = 0;
foreach my $ref (@specialchart) {
@@ -738,6 +745,13 @@ sub GenerateSQL {
# out duplicates.
# $suppstring = String which is pasted into query containing all table names
+ # get a list of field names to verify the user-submitted chart fields against
+ my %chartfields;
+ SendSQL("SELECT name FROM fielddefs");
+ while (MoreSQLData()) {
+ my ($name) = FetchSQLData();
+ $chartfields{$name} = 1;
+ }
$row = 0;
for ($chart=-1 ;
@@ -759,6 +773,16 @@ sub GenerateSQL {
if ($f eq "noop" || $t eq "noop" || $v eq "") {
next;
}
+ # chart -1 is generated by other code above, not from the user-
+ # submitted form, so we'll blindly accept any values in chart -1
+ if ((!$chartfields{$f}) && ($chart != -1)) {
+ my $errstr = "Can't use " . html_quote($f) . " as a field name. " .
+ "If you think you're getting this in error, please copy the " .
+ "entire URL out of the address bar at the top of your browser " .
+ "window and email it to <109679\@bugzilla.org>";
+ die "Internal error: $errstr" if $chart < 0;
+ return Error($errstr);
+ }
$q = SqlQuote($v);
my $func;
$term = undef;