From d38fe0e5cab4a7efaba8a79a22a85b0e67817441 Mon Sep 17 00:00:00 2001
From: "terry%mozilla.org" <>
Date: Wed, 8 Mar 2000 02:22:41 +0000
Subject: Patch by Brian Duggan -- security improvements.

---
 buglist.cgi | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index 43d46c7ea..75549e730 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -170,6 +170,7 @@ sub GenerateSQL {
 }
 
 if (defined $F{'sql'}) {
+ die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
 push(@wherepart, "( $F{'sql'} )");
 }
 
@@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
 $::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
 
 # Another backwards compatability hack.
+ die "Invalid order: $::FORM{'order'}" unless
+ $::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
 ORDER: for ($::FORM{'order'}) {
 /\./ && do {
 # This (hopefully) already has fieldnames in it, so we're done.
-- 
cgit v1.2.3-24-g4f1b
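Review bot: The semicolon check on the added line does not make `$F{'sql'}` safe: the `push(@wherepart, "( $F{'sql'} )")` line right after it still interpolates the untrusted value verbatim into the WHERE clause, so any injection that fits inside a single statement (`1=1 OR ...`, a subselect, a comment sequence) passes untouched. A one-character denylist cannot close that; the parameter needs to be removed or parsed against a strict allowlist grammar, and until then a comment above the `die` should make the gap explicit, e.g. `# XXX: rejecting ';' only blocks statement stacking; $F{'sql'} is still raw SQL in the WHERE clause`. The `die` message also echoes the attacker-controlled value; whether that text reaches the browser unescaped depends on how fatal errors are rendered, which is not visible here. GenerateSQL begins before this hunk.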
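Review bot: The allowlist on the two added lines is anchored with `^...$`, so a value ending in a newline still matches (`$` matches before a trailing newline), and the capture group is never used to reassign the value, which is what would untaint it if the script ran under `-T`. Anchor with `\A`/`\z` and assign back from the capture: `die "Invalid order: $::FORM{'order'}" unless $::FORM{'order'} =~ /\A([a-zA-Z0-9_., ]+)\z/;` followed by `$::FORM{'order'} = $1;`. The character class is reasonable for comma-separated column names, but it admits any dotted token, and the `/\./ && do { ... }` branch below passes such values through as already-qualified field names, so the check does not by itself guarantee the names map to real columns. The enclosing `if` and the `ORDER:` loop both continue outside this hunk, and the `die` message echoes the untrusted input in the same way as the earlier hunk.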