Bug 208847: Fix taint issues in editgroups.cgi

Patch by byron jones <bugzilla@glob.com.au>,
r=jouni, a=justdave
This commit is contained in:
jouni%heikniemi.net 2004-05-23 07:07:50 +00:00
parent dcef7492af
commit defd8e0ab6


@ -1,4 +1,4 @@
#!/usr/bin/perl -w #!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*- # -*- Mode: perl; indent-tabs-mode: nil -*-
# #
# The contents of this file are subject to the Mozilla Public # The contents of this file are subject to the Mozilla Public
@ -173,6 +173,7 @@ if ($action eq 'changeform') {
PutHeader("Change Group"); PutHeader("Change Group");
my $gid = trim($::FORM{group} || ''); my $gid = trim($::FORM{group} || '');
detaint_natural($gid);
unless ($gid) { unless ($gid) {
ShowError("No group specified.<BR>" . ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again."); "Click the <b>Back</b> button and try again.");
@ -181,7 +182,7 @@ if ($action eq 'changeform') {
} }
SendSQL("SELECT id, name, description, userregexp, isactive, isbuggroup SendSQL("SELECT id, name, description, userregexp, isactive, isbuggroup
FROM groups WHERE id=" . SqlQuote($gid)); FROM groups WHERE id=$gid");
my ($group_id, $name, $description, $rexp, $isactive, $isbuggroup) my ($group_id, $name, $description, $rexp, $isactive, $isbuggroup)
= FetchSQLData(); = FetchSQLData();
@ -329,7 +330,7 @@ if ($action eq 'new') {
# convert an undefined value in the inactive field to zero # convert an undefined value in the inactive field to zero
# (this occurs when the inactive checkbox is not checked # (this occurs when the inactive checkbox is not checked
# and the browser does not send the field to the server) # and the browser does not send the field to the server)
my $isactive = $::FORM{isactive} || 0; my $isactive = $::FORM{isactive} ? 1 : 0;
unless ($name) { unless ($name) {
ShowError("You must enter a name for the new group.<BR>" . ShowError("You must enter a name for the new group.<BR>" .
@ -350,14 +351,6 @@ if ($action eq 'new') {
exit; exit;
} }
if ($isactive != 0 && $isactive != 1) {
ShowError("The active flag was improperly set. There may be " .
"a problem with Bugzilla or a bug in your browser.<br>" .
"Please click the <b>Back</b> button and try again.");
PutFooter();
exit;
}
if (!eval {qr/$regexp/}) { if (!eval {qr/$regexp/}) {
ShowError("The regular expression you entered is invalid. " . ShowError("The regular expression you entered is invalid. " .
"Please click the <b>Back</b> button and try again."); "Please click the <b>Back</b> button and try again.");
@ -406,13 +399,14 @@ if ($action eq 'new') {
if ($action eq 'del') { if ($action eq 'del') {
PutHeader("Delete group"); PutHeader("Delete group");
my $gid = trim($::FORM{group} || ''); my $gid = trim($::FORM{group} || '');
detaint_natural($gid);
unless ($gid) { unless ($gid) {
ShowError("No group specified.<BR>" . ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again."); "Click the <b>Back</b> button and try again.");
PutFooter(); PutFooter();
exit; exit;
} }
SendSQL("SELECT id FROM groups WHERE id=" . SqlQuote($gid)); SendSQL("SELECT id FROM groups WHERE id=$gid");
if (!FetchOneColumn()) { if (!FetchOneColumn()) {
ShowError("That group doesn't exist.<BR>" . ShowError("That group doesn't exist.<BR>" .
"Click the <b>Back</b> button and try again."); "Click the <b>Back</b> button and try again.");
@ -421,7 +415,7 @@ if ($action eq 'del') {
} }
SendSQL("SELECT name,description " . SendSQL("SELECT name,description " .
"FROM groups " . "FROM groups " .
"WHERE id = " . SqlQuote($gid)); "WHERE id=$gid");
my ($name, $desc) = FetchSQLData(); my ($name, $desc) = FetchSQLData();
print "<table border=1>\n"; print "<table border=1>\n";
@ -503,6 +497,7 @@ You cannot delete this group while it is tied to a product.</B><BR>
if ($action eq 'delete') { if ($action eq 'delete') {
PutHeader("Deleting group"); PutHeader("Deleting group");
my $gid = trim($::FORM{group} || ''); my $gid = trim($::FORM{group} || '');
detaint_natural($gid);
unless ($gid) { unless ($gid) {
ShowError("No group specified.<BR>" . ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again."); "Click the <b>Back</b> button and try again.");
@ -511,7 +506,7 @@ if ($action eq 'delete') {
} }
SendSQL("SELECT name " . SendSQL("SELECT name " .
"FROM groups " . "FROM groups " .
"WHERE id = " . SqlQuote($gid)); "WHERE id = $gid");
my ($name) = FetchSQLData(); my ($name) = FetchSQLData();
my $cantdelete = 0; my $cantdelete = 0;
@ -610,6 +605,7 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
# or all of them period # or all of them period
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
my $gid = $::FORM{group}; my $gid = $::FORM{group};
detaint_natural($gid);
my $sth = $dbh->prepare("SELECT name, userregexp FROM groups my $sth = $dbh->prepare("SELECT name, userregexp FROM groups
WHERE id = ?"); WHERE id = ?");
$sth->execute($gid); $sth->execute($gid);
@ -713,6 +709,7 @@ sub confirmRemove {
# Helper sub to handle the making of changes to a group # Helper sub to handle the making of changes to a group
sub doGroupChanges { sub doGroupChanges {
my $gid = trim($::FORM{group} || ''); my $gid = trim($::FORM{group} || '');
detaint_natural($gid);
unless ($gid) { unless ($gid) {
ShowError("No group specified.<BR>" . ShowError("No group specified.<BR>" .
"Click the <b>Back</b> button and try again."); "Click the <b>Back</b> button and try again.");
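Review bot: In the remove_all/remove_all_regexp hunk (`@ -610,6 +605,7 @@`) the result of `detaint_natural($gid)` is discarded and, unlike every other call site in this commit, no `unless ($gid)` guard follows it, so a non-numeric `group` parameter reaches `$sth->execute($gid)` with whatever the helper left in `$gid`. The placeholder keeps that query injection-safe, but the handler then carries on with an empty lookup instead of the "No group specified." error the changeform/del/delete/doGroupChanges paths give; the rest of that handler is outside the hunk, so I cannot tell whether a later check catches it. Adding the same guard block used in the other hunks would make the behaviour consistent (shown below). Separately, the raw `id=$gid` interpolations introduced at the changeform, del and delete hunks are only safe on the assumption that `detaint_natural` leaves either an all-digit string or a false value; that assumption deserves a comment at the first such site, e.g. `# $gid may be interpolated: detaint_natural leaves only digits, or a false value the guard above rejects`.
```perl
my $gid = $::FORM{group};
detaint_natural($gid);
unless ($gid) {
    ShowError("No group specified.<BR>" .
              "Click the <b>Back</b> button and try again.");
    PutFooter();
    exit;
}
# … unchanged: prepare/execute of the group lookup …
```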