From 1ac9d7ea42444bceb886b61e8d7996dce2ad392b Mon Sep 17 00:00:00 2001 From: "terry%netscape.com" <> Date: Tue, 1 Sep 1998 03:38:47 +0000 Subject: Patch by Sam Ziegler -- do some sanity checking on the list of column names we're given. --- buglist.cgi | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) (limited to 'buglist.cgi') diff --git a/buglist.cgi b/buglist.cgi index bc07173b0..6a0edf86f 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -23,6 +23,7 @@ puts "Content-type: multipart/x-mixed-replace;boundary=ThisRandomString" puts "" puts "--ThisRandomString" + # The below "if catch" stuff, if uncommented, will trap any error, and # mail the error messages to terry. What a hideous, horrible # debugging hack. @@ -155,8 +156,10 @@ select foreach c $collist { - append query ", + if {[info exists needquote($c)] } { + append query ", \t$key($c)" + } } @@ -238,6 +241,7 @@ Click the Back button and try again." } + if {[info exists FORM(order)]} { qadd "order by " switch -glob $FORM(order) { @@ -267,7 +271,6 @@ if {[info exists FORM(debug)]} { puts "
$query
" } flush stdout - SendSQL $query set count 0 @@ -297,15 +300,17 @@ set tablestart " foreach c $collist { - if {$needquote($c)} { - append tablestart "
" - } else { - append tablestart "" - } - if {[info exists sortkey($c)]} { - append tablestart "$title($c)" - } else { - append tablestart $title($c) + if { [info exists needquote($c)] } { + if {$needquote($c)} { + append tablestart "" + } else { + append tablestart "" + } + if {[info exists sortkey($c)]} { + append tablestart "$title($c)" + } else { + append tablestart $title($c) + } } } @@ -366,7 +371,7 @@ while { $p_true } { } - if {$needquote($c)} { + if { [info exists needquote($c)] && $needquote($c)} { set value [html_quote $value] } else { set value "$value" @@ -383,7 +388,6 @@ while { $p_true } { } } } - puts "" puts "--ThisRandomString" @@ -398,7 +402,6 @@ if { [info exists buglist] } { } } puts "" - set env(TZ) PST8PDT PutHeader "Bug List" "Bug List" -- cgit v1.2.3-24-g4f1b