From bc521effbd39f4e88e8de50dac650acd8a46705f Mon Sep 17 00:00:00 2001
From: "jake%acutex.net" <>
Date: Thu, 31 May 2001 22:52:23 +0000
Subject: Bugzilla was leaking information about bugs marked secure (using bug
 groups). This checkin fixes  bugs 39524, 39527, 39531, and 39533. Patches by
 Myk Melez <myk@mozilla.org>. r= jake@acutex.net

---
 showdependencygraph.cgi | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

(limited to 'showdependencygraph.cgi')

diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index f15534be3..df377c096 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -25,8 +25,28 @@ use strict;
 
 require "CGI.pl";
 
+ConnectToDatabase();
+
+quietly_check_login();
+
+$::usergroupset = $::usergroupset; # More warning suppression silliness.
+
+######################################################################
+# Begin Data/Security Validation
+######################################################################
+
+# Make sure the bug ID is a positive integer representing an existing
+# bug that the user is authorized to access.
+if (defined $::FORM{'id'}) {
+  ValidateBugID($::FORM{'id'});
+}
+
+######################################################################
+# End Data/Security Validation
+######################################################################
+
 my $id = $::FORM{'id'};
-die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
+
 my $urlbase = Param("urlbase");
 
 my %seen;
@@ -51,10 +71,6 @@ $::FORM{'rankdir'} = "LR" if !defined $::FORM{'rankdir'};
 
 
 if (defined $id) {
-    ConnectToDatabase();
-    quietly_check_login();
-    $::usergroupset = $::usergroupset; # More warning suppression silliness.
-
     mkdir("data/webdot", 0777);
 
     my $filename = "data/webdot/$$.dot";
-- 
cgit v1.2.3-24-g4f1b