Patch by Brian Duggan <bduggan@oven.com> -- security improvements.

This commit is contained in:
terry%mozilla.org 2000-03-07 18:23:00 +00:00
Родитель 3d1c7c6a0f
Коммит f4f83ff6a4
6 изменённых файлов: 13 добавлений и 5 удалений

Просмотреть файл

@ -842,6 +842,9 @@ sub CheckIfVotedConfirmed {
sub DumpBugActivity {
my ($id, $starttime) = (@_);
my $datepart = "";
die "Invalid id: $id" unless $id=~/^\s*\d+\s*$/;
if (defined $starttime) {
$datepart = "and bugs_activity.bug_when >= $starttime";
}

Просмотреть файл

@ -170,6 +170,7 @@ sub GenerateSQL {
}
if (defined $F{'sql'}) {
die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
push(@wherepart, "( $F{'sql'} )");
}
@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
$::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
# Another backwards compatability hack.
die "Invalid order: $::FORM{'order'}" unless
$::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
ORDER: for ($::FORM{'order'}) {
/\./ && do {
# This (hopefully) already has fieldnames in it, so we're done.

Просмотреть файл

@ -41,6 +41,7 @@ confirm_login();
print "Content-type: text/html\n\n";
my $id = $::FORM{'id'};
die "invalid id: $id" unless $id=~/^\s*\d+\s*$/;
PutHeader("Create an attachment", "Create attachment", "Bug $id");

Просмотреть файл

@ -206,7 +206,7 @@ and bugs.reporter = report.userid
FIN
if( $::FORM{'product'} ne "-All-" ) {
$query .= "and bugs.product='$::FORM{'product'}'";
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
@ -572,7 +572,7 @@ sub most_doomed_for_milestone
my $query;
$query = "select distinct assigned_to from bugs where target_milestone=\"$ms\"";
if( $::FORM{'product'} ne "-All-" ) {
$query .= "and bugs.product='$::FORM{'product'}'";
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
and
@ -600,7 +600,7 @@ FIN
{
my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\"";
if( $::FORM{'product'} ne "-All-" ) {
$query .= "and bugs.product='$::FORM{'product'}'";
$query .= "and bugs.product=".SqlQuote($::FORM{'product'})";
}
$query .= <<FIN;
and
@ -696,7 +696,7 @@ sub most_recently_doomed
my $query;
$query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')";
if( $::FORM{'product'} ne "-All-" ) {
$query .= "and bugs.product='$::FORM{'product'}'";
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
# End build up $query string

Просмотреть файл

@ -29,7 +29,7 @@ ConnectToDatabase();
my @row;
if (defined $::FORM{'attach_id'}) {
SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}");
SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'});
@row = FetchSQLData();
}
if (!@row) {

Просмотреть файл

@ -26,6 +26,7 @@ use strict;
require "CGI.pl";
my $id = $::FORM{'id'};
die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
my $urlbase = Param("urlbase");
my %seen;