From bc521effbd39f4e88e8de50dac650acd8a46705f Mon Sep 17 00:00:00 2001
From: "jake%acutex.net" <>
Date: Thu, 31 May 2001 22:52:23 +0000
Subject: Bugzilla was leaking information about bugs marked secure (using bug groups). This checkin fixes bugs 39524, 39527, 39531, and 39533. Patches by Myk Melez . r= jake@acutex.net
---
 showdependencygraph.cgi | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
(limited to 'showdependencygraph.cgi')
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index f15534be3..df377c096 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -25,8 +25,28 @@ use strict;
 
 require "CGI.pl";
 
+ConnectToDatabase();
+
+quietly_check_login();
+
+$::usergroupset = $::usergroupset; # More warning suppression silliness.
+
+######################################################################
+# Begin Data/Security Validation
+######################################################################
+
+# Make sure the bug ID is a positive integer representing an existing
+# bug that the user is authorized to access.
+if (defined $::FORM{'id'}) {
+ ValidateBugID($::FORM{'id'});
+}
+
+######################################################################
+# End Data/Security Validation
+######################################################################
+
 my $id = $::FORM{'id'};
-die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
+
 my $urlbase = Param("urlbase");
 
 my %seen;
@@ -51,10 +71,6 @@ $::FORM{'rankdir'} = "LR" if !defined $::FORM{'rankdir'};
 
 
 if (defined $id) {
- ConnectToDatabase();
- quietly_check_login();
- $::usergroupset = $::usergroupset; # More warning suppression silliness.
-
 mkdir("data/webdot", 0777);
 
 my $filename = "data/webdot/$$.dot";
-- 
cgit v1.2.3-24-g4f1b
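Review bot: The new validation block authorizes only the requested root bug, `ValidateBugID($::FORM{'id'})`, while a dependency graph by its nature names other bugs reached from that one. The traversal code lies outside this hunk, so it is not visible here whether each linked bug is checked against `$::usergroupset` before its number or summary is written into the graph; if it is not, a restricted bug linked to a viewable one would still be disclosed. I would add a per-bug authorization check where nodes are added, or at minimum a comment in the validation block such as `# NOTE: only the root bug is validated here; linked bugs must be filtered during traversal`. Separately, `my $id = $::FORM{'id'};` now carries the raw form value onward, so unless ValidateBugID normalises its argument the guarantee of the removed digit check rests entirely on that call, which deserves a one-line comment next to the assignment.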