From 62097c29203f5e5a5e63168298c3fd1f1b846fb0 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 25 May 2009 16:59:18 +0000 Subject: Bug 494369: Do not throw an error if the 'order' parameter contains invalid columns for buglists - Patch by Frédéric Buclin r=wicked a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- buglist.cgi | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'buglist.cgi') diff --git a/buglist.cgi b/buglist.cgi index 2cf7a0136..2eee0edd9 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -165,7 +165,6 @@ my $serverpush = || $cgi->param('serverpush'); my $order = $cgi->param('order') || ""; -my $order_from_cookie = 0; # True if $order set using the LASTORDER cookie # The params object to use for the actual query itself my $params; @@ -890,8 +889,6 @@ if (!$order || $order =~ /^reuse/i) { # Cookies from early versions of Specific Search included this text, # which is now invalid. $order =~ s/ LIMIT 200//; - - $order_from_cookie = 1; } else { $order = ''; # Remove possible "reuse" identifier as unnecessary @@ -920,7 +917,7 @@ if ($order) { last ORDER; }; do { - my @order; + my (@order, @invalid_fragments); my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); # A custom list of columns. Make sure each column is valid. foreach my $fragment (split(/,/, $order)) { @@ -933,16 +930,14 @@ if ($order) { push(@order, $fragment); } else { - my $vars = { fragment => $fragment }; - if ($order_from_cookie) { - $cgi->remove_cookie('LASTORDER'); - ThrowCodeError("invalid_column_name_cookie", $vars); - } - else { - ThrowCodeError("invalid_column_name_form", $vars); - } + push(@invalid_fragments, $fragment); } } + if (scalar @invalid_fragments) { + $vars->{'message'} = 'invalid_column_name'; + $vars->{'invalid_fragments'} = \@invalid_fragments; + } + $order = join(",", @order); # Now that we have checked that all columns in the order are valid, # detaint the order string. -- cgit v1.2.3-24-g4f1b