From c34003dcdd1cc0705c5464164f7d4dfd52d6d3d6 Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Thu, 19 Jun 2008 23:06:27 +0000
Subject: Bug 157092 – Implement a checking mechanism for invalid regexp Patch by David Lawrence - r/a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Bugzilla/DB.pm | 9 +++++++++
 Bugzilla/DB/Mysql.pm | 8 ++++++--
 Bugzilla/DB/Oracle.pm | 8 ++++++--
 Bugzilla/DB/Pg.pm | 8 ++++++--
 template/en/default/global/user-error.html.tmpl | 5 +++++
 5 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 1617b7fc2..2eba30482 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -383,6 +383,15 @@ sub bz_last_key {
 $table, $column);
 }

+sub bz_check_regexp {
+ my ($self, $pattern) = @_;
+
+ eval { $self->do("SELECT " . $self->sql_regexp($self->quote("a"), $pattern, 1)) };
+
+ $@ && ThrowUserError('illegal_regexp',
+ { value => $pattern, dberror => $self->errstr });
+}
+
 #####################################################################
 # Database Setup
 #####################################################################
diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm
index 8bca06f4c..80f1cd793 100644
--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -104,13 +104,17 @@ sub bz_last_key {
 }

 sub sql_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "$expr REGEXP $pattern";
 }

 sub sql_not_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "$expr NOT REGEXP $pattern";
 }
diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm
index 9f759785e..1387a45cb 100644
--- a/Bugzilla/DB/Oracle.pm
+++ b/Bugzilla/DB/Oracle.pm
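Review bot: `$@ && ThrowUserError(...)` in bz_check_regexp reports every failure of the probe `do()` as an illegal regular expression, so an unrelated database error would presumably be shown to the user as a bad pattern, together with the raw `$self->errstr`. The check also only works if the handle raises exceptions on error, which is not visible in this hunk. `$pattern` is concatenated into the statement and executed as-is, so the sub should state its precondition, e.g. `# $pattern must already be an SQL-quoted literal (from $self->quote); it is interpolated into the probe query unchanged.`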
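Review bot: The new `$nocheck` argument of sql_regexp and sql_not_regexp is undocumented, and building an SQL fragment now has the side effect of running a query and possibly throwing a user error. A caller that passes a bind placeholder such as `?` as `$pattern` would have the probe executed without a bound value and fail, so such callers must pass a true `$nocheck`. Say so in the POD or in a comment like `# Pass a true $nocheck when $pattern is a placeholder or was already validated.` The same applies to the Oracle.pm and Pg.pm hunks.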
@@ -95,13 +95,17 @@ sub bz_last_key {
 }

 sub sql_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "REGEXP_LIKE($expr, $pattern)";
 }

 sub sql_not_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "NOT REGEXP_LIKE($expr, $pattern)"
 }
diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm
index 4777ba89a..a6a2e3281 100644
--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -93,13 +93,17 @@ sub bz_last_key {
 }

 sub sql_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "$expr ~* $pattern";
 }

 sub sql_not_regexp {
- my ($self, $expr, $pattern) = @_;
+ my ($self, $expr, $pattern, $nocheck) = @_;
+
+ $self->bz_check_regexp($pattern) if !$nocheck;

 return "$expr !~* $pattern"
 }
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 6c3ed7dbc..2d5c3b355 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -783,6 +783,11 @@
 [% IF format %]
 Please use the format '[% format FILTER html %]'.
 [% END %]
+
+ [% ELSIF error == "illegal_regexp" %]
+ [% title = "Illegal Regular Expression" %]
+ The regular expression you provided [% value FILTER html %] is not valid.
+ The error was: [% dberror FILTER html %].

 [% ELSIF error == "insufficient_data_points" %]
 [% docslinks = {'reporting.html' => 'Reporting'} %]
--
cgit v1.2.3-24-g4f1b
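Review bot: With this driver the probe built in Bugzilla::DB::bz_check_regexp becomes `SELECT REGEXP_LIKE('a', <pattern>)`. In Oracle REGEXP_LIKE is a condition rather than a select-list expression, so the check would presumably fail for every pattern, valid or not, unless statement rewriting elsewhere in Oracle.pm handles it. An Oracle-specific override of bz_check_regexp that puts the test in a WHERE clause would avoid this, e.g. `eval { $self->do("SELECT 1 FROM DUAL WHERE " . $self->sql_regexp($self->quote("a"), $pattern, 1)) };`. The rest of Oracle.pm is outside this hunk, so confirm that no such override already exists.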