172740 - "use of uninitialized variable" warnings

Status: VERIFIED FIXED

(Bugzilla :: Query/Bug List, defect)

Description

[Bradley Baetz (:bbaetz)]

Try doing a search:

buglist.cgi: Use of uninitialized value in string eq at
/var/www/html/bugzilla-misc/buglist.cgi line 86.

You need to test $::FORM{'format'} before doing the string compare

buglist.cgi: Use of uninitialized value in substitution (s///) at globals.pl
line 1643.
buglist.cgi: Use of uninitialized value in pattern match (m//) at
Bugzilla/Util.pm line 114.

These are because GetFormat has:

    $ctype ||= "html";
    
    # Security - allow letters and a hyphen only
    $ctype =~ s/[^a-zA-Z\-]//g;
    $format =~ s/[^a-zA-Z\-]//g;
    trick_taint($ctype);
    trick_taint($format);
    
but doesn't check to see if $format was undef first. You need

$format ||= "";

Comment 1

[Gervase Markham [:gerv]]

Attachment: Patch v.1

Fix problem, plus another one I noticed in my error log.

Gerv

Comment 2

[Bradley Baetz (:bbaetz)]

Comment on attachment 101889 [details] [diff] [review]
Patch v.1

r=bbaetz, but this doesn't include teh 'other issue' you saw in the logs...

Comment 3

[Gervase Markham [:gerv]]

Yes, it does :-) The second change is actually unrelated to the first.

Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v  <--  globals.pl
new revision: 1.210; previous revision: 1.209
done
Checking in buglist.cgi;
/cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v  <--  buglist.cgi
new revision: 1.198; previous revision: 1.197
done

Gerv

Comment 4

[Bradley Baetz (:bbaetz)]

Yeah, but thats the first thing I mentioned in comment 0 :)