From 6133b82636f84fe8c0b2370a452117fbb95ec5c7 Mon Sep 17 00:00:00 2001
From: "terry%mozilla.org" <>
Date: Wed, 2 Feb 2000 07:48:13 +0000
Subject: Nothing was checking that the bug number you entered for a duplicate
bug was actually a legal bug number.
---
process_bug.cgi | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index d5ae66c39..b9be355b2 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -358,27 +358,29 @@ SWITCH: for ($::FORM{'knob'}) {
CheckFormFieldDefined(\%::FORM,'dup_id');
}
my $num = trim($::FORM{'dup_id'});
- if ($num !~ /^[0-9]*$/) {
+ SendSQL("SELECT bug_id FROM bugs WHERE bug_id = " . SqlQuote($num));
+ $num = FetchOneColumn();
+ if (!$num) {
print "You must specify a bug number of which this bug is a\n";
print "duplicate. The bug has not been changed.\n";
PutFooter();
exit;
}
- if (defined($::FORM{'id'}) && $::FORM{'dup_id'} == $::FORM{'id'}) {
+ if (!defined($::FORM{'id'}) || $num == $::FORM{'id'}) {
print "Nice try, $::FORM{'who'}. But it doesn't really make sense to mark a\n";
print "bug as a duplicate of itself, does it?\n";
PutFooter();
exit;
}
- AppendComment($::FORM{'dup_id'}, $::FORM{'who'}, "*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***");
+ AppendComment($num, $::FORM{'who'}, "*** Bug $::FORM{'id'} has been marked as a duplicate of this bug. ***");
if ( Param('strictvaluechecks') ) {
CheckFormFieldDefined(\%::FORM,'comment');
}
- $::FORM{'comment'} .= "\n\n*** This bug has been marked as a duplicate of $::FORM{'dup_id'} ***";
+ $::FORM{'comment'} .= "\n\n*** This bug has been marked as a duplicate of $num ***";
- print "
Notation added to bug $::FORM{'dup_id'}\n";
- system("./processmail $::FORM{'dup_id'} $::FORM{'who'}");
- print " | Go To BUG# $::FORM{'dup_id'} |
\n";
+ print "Notation added to bug $num\n";
+ system("./processmail $num $::FORM{'who'}");
+ print " | Go To BUG# $num |
\n";
last SWITCH;
};
--
cgit v1.2.3-24-g4f1b