Landing Adam Spiers' contributions for security and small functional issues
parent
e73ec619dc
commit
133606438f
@ -263,7 +263,12 @@ sub cvsmenu {
|
||||
print "<b>$title</b><br><ul>\n";
|
||||
foreach $i (@::TreeList) {
|
||||
$branch = '';
|
||||
$branch = "&branch=$::TreeInfo{$i}{'branch'}"
|
||||
# HACK ALERT
|
||||
# quick fix by adam:
|
||||
# when browsing with rview, branch needs to be in 'rev' param
|
||||
# not 'branch' param. don't ask me why ...
|
||||
my $hack = ($page eq 'rview.cgi') ? 'rev' : 'branch';
|
||||
$branch = "&$hack=$::TreeInfo{$i}{'branch'}"
|
||||
if $::TreeInfo{$i}{'branch'};
|
||||
|
||||
$desc = $::TreeInfo{$i}{'shortdesc'};
|
||||
|
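Review bot: The branch value is pasted into the query string unescaped in `$branch = "&$hack=$::TreeInfo{$i}{'branch'}"`, so a branch name containing `&`, `=`, `#` or a space would produce a broken or ambiguous link. Where `$branch` is printed is outside the hunk, so this is inferred; if it ends up inside an href, URL-escape the value and write the separator as `&amp;`. The added comment would be more useful if it stated the rule rather than "don't ask me why", for example `# rview.cgi reads the branch from 'rev'; the other pages read it from 'branch'`.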
@ -1,4 +1,4 @@
|
||||
#!/usr/bonsaitools/bin/perl -w
|
||||
#!/usr/local/bin/perl -w
|
||||
# -*- Mode: perl; indent-tabs-mode: nil -*-
|
||||
# cvsview.cgi - fake up some HTML based on RCS logs and diffs
|
||||
#
|
||||
@ -400,7 +400,7 @@ my $opt_subdir;
|
||||
foreach my $option (split(/&/, $query_string)) {
|
||||
die("command $opt_command: garbled option $option\n")
|
||||
if ($option !~ /^([^=]+)=(.*)/);
|
||||
eval('$opt_' . $1 . '=' . SqlQuote($2));
|
||||
${"opt_$1"} = SqlQuote($2);
|
||||
die("bogus characters in options")
|
||||
if ($option !~ /^[\w\-\.\+\/\,\:\=]+$/ );
|
||||
}
|
||||
|
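Review bot: Assuming `${"opt_$1"} = SqlQuote($2);` is the added line (the +/- markers are lost on this page), it writes to a variable whose name is taken from the query string, and it runs before the `bogus characters` check below it, so the name is never validated before use. The hunk header shows `my $opt_subdir;`; if the options are lexicals, a symbolic reference cannot reach them and sets a package variable of the same name instead, whereas the string `eval` could see the lexicals. The assignment also stores the SQL-quoted text, where the `eval` stored the unquoted value, so confirm that the code reading `$opt_*` expects the quotes. Moving the character check above the assignment and accepting only known names, e.g. `die("unknown option $1\n") unless $known_opt{$1};` with a new `%known_opt` hash listing them, would close the gap.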
@ -517,7 +517,8 @@ sub DataDir {
|
||||
|
||||
# Make sure it exists...
|
||||
unless (-d $dir) {
|
||||
system ("rm", "-rf", "$dir;", "mkdir", "-p", $dir);
|
||||
system ("rm", "-rf", $dir);
|
||||
system ("mkdir", "-p", $dir);
|
||||
die "Couldn't create '$dir'\n"
|
||||
unless (-d $dir);
|
||||
chmod(0777, $dir);
|
||||
|
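Review bot: Neither `system ("rm", "-rf", $dir)` nor `system ("mkdir", "-p", $dir)` has its exit status checked, and `$dir` is passed without a `--` separator, so a value beginning with `-` would be parsed as an option. The `-d` test that follows catches a failed mkdir but not a failed rm. `system("rm", "-rf", "--", $dir) == 0 or die "Couldn't remove '$dir'\n";` covers both, and File::Path's `rmtree`/`mkpath` would avoid the external commands altogether. The unchanged `chmod(0777, $dir)` leaves the new directory world-writable; a tighter mode is worth considering if only the web server's user and group need to write there. DataDir's body starts and ends outside the hunk.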
@ -276,6 +276,7 @@ List users with login name matching:
|
||||
</SELECT>
|
||||
<BR>
|
||||
<INPUT TYPE=SUBMIT VALUE="Submit">
|
||||
</FORM>
|
||||
};
|
||||
PutTrailer();
|
||||
exit;
|
||||
|
@ -66,18 +66,27 @@ sub CrossCheck {
|
||||
}
|
||||
while (@_) {
|
||||
my $ref = shift @_;
|
||||
my $t2 = shift @$ref;
|
||||
my $f2 = shift @$ref;
|
||||
my %exceptions;
|
||||
foreach my $v (@$ref) {
|
||||
$exceptions{$v} = 1;
|
||||
}
|
||||
my ($t2, $f2, $key2, $exceptions) = @$ref;
|
||||
|
||||
$exceptions ||= [];
|
||||
my %exceptions = map { $_ => 1 } @$exceptions;
|
||||
|
||||
Status("... from $t2.$f2");
|
||||
SendSQL("SELECT DISTINCT $f2 FROM $t2");
|
||||
|
||||
SendSQL("SELECT DISTINCT $f2" . ($key2 ? ", $key2" : '') ." FROM $t2");
|
||||
while (MoreSQLData()) {
|
||||
my $value = FetchOneColumn();
|
||||
my ($value, $key) = FetchSQLData();
|
||||
if (!$valid{$value} && !$exceptions{$value}) {
|
||||
Alert("Bad value $value found in $t2.$f2");
|
||||
my $alert = "Bad value $value found in $t2.$f2";
|
||||
if ($key2) {
|
||||
if ($key2 eq 'bug_id') {
|
||||
$alert .= qq{ (<a href="show_bug.cgi?id=$key">bug $key</a>)};
|
||||
}
|
||||
else {
|
||||
$alert .= " ($key2 == '$key')";
|
||||
}
|
||||
Alert($alert);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
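Review bot: `$value` and `$key` come straight from the database and are interpolated into markup in `"Bad value $value found in $t2.$f2"` and `qq{ (<a href="show_bug.cgi?id=$key">bug $key</a>)}`. If `Alert` prints its argument as HTML (it is defined outside the hunk), a stored value containing `<` or `"` would be rendered as markup. Because this script exists to report unexpected data, HTML-escape both values before building `$alert`, and build the link only when `$key` matches `/^\d+$/`. A comment above `my ($t2, $f2, $key2, $exceptions) = @$ref;` naming the four elements (table, field, optional key column, optional arrayref of exempt values) would document the new calling convention.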
@ -128,14 +137,14 @@ CrossCheck("bugs", "bug_id",
|
||||
["keywords", "bug_id"]);
|
||||
|
||||
CrossCheck("profiles", "userid",
|
||||
["bugs", "reporter"],
|
||||
["bugs", "assigned_to"],
|
||||
["bugs", "qa_contact", 0],
|
||||
["attachments", "submitter_id"],
|
||||
["bugs_activity", "who"],
|
||||
["cc", "who"],
|
||||
["votes", "who"],
|
||||
["longdescs", "who"],
|
||||
["bugs", "reporter", "bug_id"],
|
||||
["bugs", "assigned_to", "bug_id"],
|
||||
["bugs", "qa_contact", "bug_id", ["0"]],
|
||||
["attachments", "submitter_id", "bug_id"],
|
||||
["bugs_activity", "who", "bug_id"],
|
||||
["cc", "who", "bug_id"],
|
||||
["votes", "who", "bug_id"],
|
||||
["longdescs", "who", "bug_id"],
|
||||
["namedqueries", "userid"]);
|
||||
|
||||
|
||||
@ -237,9 +246,9 @@ foreach my $ref (@checklist) {
|
||||
Status("Checking profile logins");
|
||||
|
||||
my $emailregexp = Param("emailregexp");
|
||||
|
||||
$emailregexp =~ s/'/\\'/g;
|
||||
SendSQL("SELECT userid, login_name FROM profiles " .
|
||||
"WHERE login_name NOT REGEXP " . SqlQuote($emailregexp));
|
||||
"WHERE login_name NOT REGEXP '" . $emailregexp . "'");
|
||||
|
||||
|
||||
while (my ($id,$email) = (FetchSQLData())) {
|
||||
|
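Review bot: If the concatenated form `"WHERE login_name NOT REGEXP '" . $emailregexp . "'"` is the new side (the +/- markers are lost on this page), the only escaping left is `$emailregexp =~ s/'/\\'/g;`. That misses a quote already preceded by a backslash and a pattern ending in a backslash; either leaves the SQL literal unbalanced. The value comes from `Param("emailregexp")`, so it is administrator-set rather than request data, but the query still fails on such a pattern. If `SqlQuote` was dropped because it alters the backslashes the regexp needs, say so in a comment and reject the two cases up front, e.g. `die "emailregexp: unsupported backslash placement\n" if $emailregexp =~ /\\(?:'|\z)/;`.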