From 39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Thu, 21 Mar 2013 13:09:12 +0800
Subject: Bug 853314: unable to edit bugzilla push options - insecure dependency
---
 contrib/sanitizeme.pl | 8 ++++++++
 extensions/Push/lib/Admin.pm | 3 ++-
 extensions/Push/lib/BacklogMessage.pm | 4 ++++
 extensions/Push/lib/Backoff.pm | 4 ++++
 extensions/Push/lib/LogEntry.pm | 4 ++++
 extensions/Push/lib/Message.pm | 4 ++++
 6 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/contrib/sanitizeme.pl b/contrib/sanitizeme.pl
index 362700be0..a2376f46d 100755
--- a/contrib/sanitizeme.pl
+++ b/contrib/sanitizeme.pl
@@ -161,11 +161,19 @@ sub delete_sensitive_user_data {
 $dbh->do("DELETE FROM tokens");
 $dbh->do("DELETE FROM logincookies");
 $dbh->do("DELETE FROM login_failure");
+ $dbh->do("DELETE FROM audit_log");
+ # queued bugmail
 $dbh->do("DELETE FROM ts_error");
 $dbh->do("DELETE FROM ts_exitstatus");
 $dbh->do("DELETE FROM ts_funcmap");
 $dbh->do("DELETE FROM ts_job");
 $dbh->do("DELETE FROM ts_note");
+ # push extension messages
+ $dbh->do("DELETE FROM push");
+ $dbh->do("DELETE FROM push_backlog");
+ $dbh->do("DELETE FROM push_backoff");
+ $dbh->do("DELETE FROM push_log");
+ $dbh->do("DELETE FROM push_options");
 }
 sub delete_attachment_data {
diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index d7df25c09..f579409bd 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -13,7 +13,7 @@ use warnings;
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
-use Bugzilla::Util qw(trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural trick_taint);
 use base qw(Exporter);
 our @EXPORT = qw(
@@ -67,6 +67,7 @@ sub _update_config_from_form {
 # update
 foreach my $option ($config->options) {
 my $option_name = $option->{name};
+ trick_taint($values->{$option_name});
 $config->{$option_name} = $values->{$option_name};
 }
 $config->update();
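Review bot: In the contrib/sanitizeme.pl hunk, the added comment `# push extension messages` also heads `DELETE FROM push_options`, which by its name holds the extension's saved settings rather than queued messages. Since this script exists to scrub sensitive data, the comment should say what is being cleared and why, for example `# push extension: queued messages, logs and saved options`. The five new `$dbh->do` calls also run unconditionally; if the script can be run against a database where the Push tables were never created, they would presumably fail, so a guard or a one-line note on that assumption would help. delete_sensitive_user_data starts above the hunk.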
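Review bot: In the second Admin.pm hunk, `trick_taint($values->{$option_name});` clears the taint flag on every submitted option without checking the value, so taint mode no longer guards whatever `$config->update()` does with it. Whether `$values` has already been validated is decided earlier in `_update_config_from_form`, outside this hunk. If it has, say so at the point where the taint is dropped, e.g. `# values were validated against the option definitions above; untaint for storage`, and if not, validate each option before untainting it. An option missing from the form would hand an undefined value to `trick_taint`, so `trick_taint($values->{$option_name}) if defined $values->{$option_name};` is the safer form unless the earlier code guarantees a value.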
diff --git a/extensions/Push/lib/BacklogMessage.pm b/extensions/Push/lib/BacklogMessage.pm
index f9496fa24..8f5263038 100644
--- a/extensions/Push/lib/BacklogMessage.pm
+++ b/extensions/Push/lib/BacklogMessage.pm
@@ -12,6 +12,10 @@ use warnings;
 use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
diff --git a/extensions/Push/lib/Backoff.pm b/extensions/Push/lib/Backoff.pm
index bc302a2a9..c0ea15a59 100644
--- a/extensions/Push/lib/Backoff.pm
+++ b/extensions/Push/lib/Backoff.pm
@@ -12,6 +12,10 @@ use warnings;
 use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Util;
diff --git a/extensions/Push/lib/LogEntry.pm b/extensions/Push/lib/LogEntry.pm
index b883ee095..303c19da4 100644
--- a/extensions/Push/lib/LogEntry.pm
+++ b/extensions/Push/lib/LogEntry.pm
@@ -12,6 +12,10 @@ use warnings;
 use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Constants;
diff --git a/extensions/Push/lib/Message.pm b/extensions/Push/lib/Message.pm
index 3d112a2e1..ebe32d0ea 100644
--- a/extensions/Push/lib/Message.pm
+++ b/extensions/Push/lib/Message.pm
@@ -12,6 +12,10 @@ use warnings;
 use base 'Bugzilla::Object';
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
-- cgit v1.2.3-24-g4f1b
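Review bot: The three `AUDIT_*` constants added to BacklogMessage.pm set auditing to 0 with no comment saying why, and the same uncommented block is repeated in Backoff.pm, LogEntry.pm and Message.pm. Switching off an audit trail is a change a later reviewer will want justified, so each block should carry a line such as `# transient queue/log rows; do not record each change in audit_log`, if that is the intent. The constants are presumably read by the `Bugzilla::Object` base class named on the line above; that code is not part of this patch. No options or config class appears among the changed files, so it is worth confirming that edits to the push options themselves are still audited.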