From 29021b187f042f023584dd3986c086ca68bef0a2 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Fri, 25 Apr 2003 03:49:27 +0000
Subject: Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a result of it. Patch by Gervase Markham r= myk, bbaetz, justdave a= justdave
---
 duplicates.cgi | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'duplicates.cgi')

diff --git a/duplicates.cgi b/duplicates.cgi
index 1a3c08a9f..64a3f7ab3 100755
--- a/duplicates.cgi
+++ b/duplicates.cgi
@@ -74,7 +74,7 @@ my $sortby = formvalue("sortby");
 my $changedsince = formvalue("changedsince", 7);
 my $maxrows = formvalue("maxrows", 100);
 my $openonly = formvalue("openonly");
-my $reverse = formvalue("reverse");
+my $reverse = formvalue("reverse") ? 1 : 0;
 my $product = formvalue("product");
 my $sortvisible = formvalue("sortvisible");
 my @buglist = (split(/[:,]/, formvalue("bug_id")));
@@ -159,8 +159,14 @@ if (!tie(%before, 'AnyDBM_File', "data/duplicates/dupes$whenever",
     $dobefore = 1;
 }
 
+my $origmaxrows = $maxrows;
 detaint_natural($maxrows)
-    || ThrowUserError("invalid_maxrows", { maxrows => $maxrows});
+    || ThrowUserError("invalid_maxrows", { maxrows => $origmaxrows});
+
+my $origchangedsince = $changedsince;
+detaint_natural($changedsince)
+    || ThrowUserError("invalid_changedsince",
+                      { changedsince => $origchangedsince });
 
 my @bugs;
 my @bug_ids;
-- 
cgit v1.2.3-24-g4f1b
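Review bot: `$openonly` and `$sortvisible` on the lines surrounding the changed one are still raw `formvalue()` results while only `$reverse` is normalised to `1`/`0`; if they reach the template the same way `$reverse` does (not visible in this hunk), the same treatment would close the remaining unfiltered strings, e.g. `my $openonly = formvalue("openonly") ? 1 : 0;`. `@buglist` is likewise split straight out of `bug_id` with no per-element check, unlike the `detaint_natural` guards this commit adds for `$maxrows` and `$changedsince` further down; if nothing later validates each id, rejecting the first non-numeric element with `ThrowUserError` would be consistent with those guards. The statement run continues on both sides of the hunk.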
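Review bot: The new `detaint_natural($changedsince)` check sits after the `tie` at the top of the hunk, whose file name contains `$whenever`; if `$whenever` is derived from `$changedsince` (the names suggest it, but the derivation is outside the hunk), the untrusted value is already consumed before it is validated, and the block belongs next to the input handling near line 74 so the check runs before any use. `invalid_changedsince` is a new error key and the diffstat shows only duplicates.cgi changing, so unless the user-error template already defines it the failure path will render a missing-error message rather than the intended one. `detaint_natural` is not shown here; if it accepts `0`, `maxrows=0` passes and should be rejected explicitly when zero rows is not meaningful. The `if` closed by the `}` on the hunk's second line starts outside the hunk.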