From 6470353dd6731b8ef37d056dd7e7f4b2549d2f22 Mon Sep 17 00:00:00 2001 From: "justdave%syndicomm.com" <> Date: Wed, 4 Jul 2001 11:41:27 +0000 Subject: Fix for bug 59349: Processmail now runs in taint (perl -T and $db->{Taint}=1) mode. Hooks also added to globals.pl to make converting other files in Bugzilla to run in Taint mode easier. Patch by Jake Steenhagen r= justdave@syndicomm.com --- processmail | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) (limited to 'processmail') diff --git a/processmail b/processmail index de0f4c7fe..0fcdbbdde 100755 --- a/processmail +++ b/processmail @@ -1,4 +1,4 @@ -#!/usr/bonsaitools/bin/perl -w +#!/usr/bonsaitools/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public @@ -27,11 +27,19 @@ use diagnostics; use strict; +use lib "."; require "globals.pl"; use RelationSet; + +# Shut up misguided -w warnings about "used only once". +sub processmail_sillyness { + my $zz; + $zz = $::db; +} + $| = 1; umask(0); @@ -102,6 +110,10 @@ sub ProcessOneBug { $values{$i} = shift(@row); } my ($start, $end) = (@row); + # $start and $end are considered safe because users can't touch them + $start = detaint_string($start); + $end = detaint_string($end); + my $ccSet = new RelationSet(); $ccSet->mergeFromDB("SELECT who FROM cc WHERE bug_id = $id"); $values{'cc'} = $ccSet->toString(); @@ -471,22 +483,20 @@ sub filterEmailGroup ($$$) { foreach my $person (@emailList) { - my $userid; my $lastCount = @filteredList; if ( $person eq '' ) { next; } - SendSQL("SELECT userid FROM profiles WHERE login_name = " - . SqlQuote($person) ); + my $userid = DBname_to_id($person); - if ( !($userid = FetchSQLData()) ) { + if ( ! $userid ) { push(@filteredList,$person); next; } SendSQL("SELECT emailflags FROM profiles WHERE " . "userid = $userid" ); - + my ($userFlagString) = FetchSQLData(); # If the sender doesn't want email, exclude them from list @@ -622,6 +632,12 @@ sub NewProcessOnePerson ($$$$$$$$$$) { return; } + # Sanitize $values{'groupset'} + if ($values{'groupset'} =~ m/(\d+)/) { + $values{'groupset'} = $1; + } else { + $values{'groupset'} = 0; + } SendSQL("SELECT userid, groupset & $values{'groupset'} " . "FROM profiles WHERE login_name = " . SqlQuote($person)); my ($userid, $groupset) = (FetchSQLData()); @@ -706,6 +722,9 @@ sub NewProcessOnePerson ($$$$$$$$$$) { # Code starts here ConnectToDatabase(); +# Set Taint mode for the SQL +$::db->{Taint} = 1; +# ^^^ Taint mode is still a work in progress... GetVersionTable(); if (open(FID, "\n"; + exit; + } + ProcessOneBug($bugnum); } exit; -- cgit v1.2.3-24-g4f1b