зеркало из https://github.com/mozilla/pjs.git
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
This commit is contained in:
Родитель
3d1c7c6a0f
Коммит
f4f83ff6a4
|
@ -842,6 +842,9 @@ sub CheckIfVotedConfirmed {
|
|||
sub DumpBugActivity {
|
||||
my ($id, $starttime) = (@_);
|
||||
my $datepart = "";
|
||||
|
||||
die "Invalid id: $id" unless $id=~/^\s*\d+\s*$/;
|
||||
|
||||
if (defined $starttime) {
|
||||
$datepart = "and bugs_activity.bug_when >= $starttime";
|
||||
}
|
||||
|
|
|
@ -170,6 +170,7 @@ sub GenerateSQL {
|
|||
}
|
||||
|
||||
if (defined $F{'sql'}) {
|
||||
die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
|
||||
push(@wherepart, "( $F{'sql'} )");
|
||||
}
|
||||
|
||||
|
@ -887,6 +888,8 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
|
|||
$::FORM{'order'} =~ s/assign\.login_name/map_assigned_to.login_name/g;
|
||||
# Another backwards compatability hack.
|
||||
|
||||
die "Invalid order: $::FORM{'order'}" unless
|
||||
$::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
|
||||
ORDER: for ($::FORM{'order'}) {
|
||||
/\./ && do {
|
||||
# This (hopefully) already has fieldnames in it, so we're done.
|
||||
|
|
|
@ -41,6 +41,7 @@ confirm_login();
|
|||
print "Content-type: text/html\n\n";
|
||||
|
||||
my $id = $::FORM{'id'};
|
||||
die "invalid id: $id" unless $id=~/^\s*\d+\s*$/;
|
||||
|
||||
PutHeader("Create an attachment", "Create attachment", "Bug $id");
|
||||
|
||||
|
|
|
@ -206,7 +206,7 @@ and bugs.reporter = report.userid
|
|||
FIN
|
||||
|
||||
if( $::FORM{'product'} ne "-All-" ) {
|
||||
$query .= "and bugs.product='$::FORM{'product'}'";
|
||||
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
|
||||
}
|
||||
|
||||
$query .= <<FIN;
|
||||
|
@ -572,7 +572,7 @@ sub most_doomed_for_milestone
|
|||
my $query;
|
||||
$query = "select distinct assigned_to from bugs where target_milestone=\"$ms\"";
|
||||
if( $::FORM{'product'} ne "-All-" ) {
|
||||
$query .= "and bugs.product='$::FORM{'product'}'";
|
||||
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
|
||||
}
|
||||
$query .= <<FIN;
|
||||
and
|
||||
|
@ -600,7 +600,7 @@ FIN
|
|||
{
|
||||
my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\"";
|
||||
if( $::FORM{'product'} ne "-All-" ) {
|
||||
$query .= "and bugs.product='$::FORM{'product'}'";
|
||||
$query .= "and bugs.product=".SqlQuote($::FORM{'product'})";
|
||||
}
|
||||
$query .= <<FIN;
|
||||
and
|
||||
|
@ -696,7 +696,7 @@ sub most_recently_doomed
|
|||
my $query;
|
||||
$query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')";
|
||||
if( $::FORM{'product'} ne "-All-" ) {
|
||||
$query .= "and bugs.product='$::FORM{'product'}'";
|
||||
$query .= "and bugs.product=".SqlQuote($::FORM{'product'});
|
||||
}
|
||||
|
||||
# End build up $query string
|
||||
|
|
|
@ -29,7 +29,7 @@ ConnectToDatabase();
|
|||
|
||||
my @row;
|
||||
if (defined $::FORM{'attach_id'}) {
|
||||
SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}");
|
||||
SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'});
|
||||
@row = FetchSQLData();
|
||||
}
|
||||
if (!@row) {
|
||||
|
|
|
@ -26,6 +26,7 @@ use strict;
|
|||
require "CGI.pl";
|
||||
|
||||
my $id = $::FORM{'id'};
|
||||
die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
|
||||
my $urlbase = Param("urlbase");
|
||||
|
||||
my %seen;
|
||||
|
|
Загрузка…
Ссылка в новой задаче