Closed
Bug 1083861
Opened 10 years ago
Closed 10 years ago
The regex for the commands allows injection of characters prior to rpp
Categories: (Firefox OS Graveyard :: Gaia, defect)
Tracking: (Not tracked)
Status: RESOLVED FIXED
People: (Reporter: wmathanaraj, Assigned: marta)
Attachments (2 files):
620 bytes, patch | freddy: feedback+
1014 bytes, patch | freddy: review+
Impact: no direct impact currently, but unexpected application flow may cause issues in the future.
Fix: match ^rpp instead of just rpp
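The difference the missing anchor makes, as an added example that is not part of the bug report or the Gaia code base. `UNANCHORED` is an assumed reconstruction of the pre-fix pattern (the reviewed pattern minus its leading `^`), the helper names are hypothetical, and the SMS bodies are constructed.

```javascript
// Added example, not Gaia code. UNANCHORED is an assumed reconstruction of
// the pre-fix pattern (the patched one minus the leading ^); ANCHORED is the
// pattern quoted in the review on this page.
const UNANCHORED = /rpp\s(lock|ring|locate|wipe)\s([a-z0-9]{1,100})$/i;
const ANCHORED = /^rpp\s(lock|ring|locate|wipe)\s([a-z0-9]{1,100})$/i;

// Hypothetical helper: returns the parsed command, or null when the body
// is not a well-formed command for the given pattern.
function parseCommand(rgx, body) {
  const match = rgx.exec(body);
  if (!match) {
    return null;
  }
  return { cmd: match[1].toLowerCase(), passkey: match[2] };
}

// Constructed sample SMS bodies.
const SAMPLES = [
  'rpp lock abc123',              // well-formed
  'RPP Ring abc123',              // well-formed, case-insensitive
  'hello rpp lock abc123',        // text in front of the command
  'line one\nrpp locate abc123',  // command on a later line
  'rpp lock abc123 trailing',     // text after the passkey
  'rpp reboot abc123',            // unknown command
];

// For each sample, record whether each pattern accepts it.
function compare(samples) {
  return samples.map(function (body) {
    return {
      body: body,
      unanchored: parseCommand(UNANCHORED, body) !== null,
      anchored: parseCommand(ANCHORED, body) !== null,
    };
  });
}

// Bodies accepted only because the ^ anchor is missing.
function prefixOnlyMatches(samples) {
  return compare(samples)
    .filter(function (r) { return r.unanchored && !r.anchored; })
    .map(function (r) { return r.body; });
}

console.log(compare(SAMPLES));
console.log(prefixOnlyMatches(SAMPLES));
```

The two bodies returned by `prefixOnlyMatches` make useful regression cases for the anchored pattern.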
Comment 2•10 years ago
Comment on attachment 8507719
bug_1083861.patch
Review of attachment 8507719:
-----------------------------------------------------------------
::: dev_apps/privacy-panel/js/privacy-panel.js
@@ +238,4 @@
> */
> _onSMSReceived: function(event) {
> var match, cmd, passkey, body = event.message.body,
> + rgx = /^rpp\s(lock|ring|locate|wipe)\s([a-z0-9]{1,100})$/i;
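Review bot: In the added `rgx` line both field separators are `\s`, which accepts any single whitespace character (tab, newline, carriage return) rather than only a space; if the command format is one space between fields, a literal space would make the parser accept exactly one spelling of each command. The `^` and `$` anchors pin the whole message body only while the pattern carries no `m` flag, so a short comment stating that, together with a test message that has text in front of `rpp`, would guard the fix against regression. As shown, the preceding line ends with a comma, so `rgx` continues that `var` list.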
With the wipe command left out, it should be removed from the regular expression.
(With the very small patch details bugzilla is showing me it also looks like "rgx" is not declared as "var rgx" (or "let rgx") and thus not properly bound to a scope. If this has not been done elsewhere in the code, it will leak in the global scope.)
Attachment #8507719 - Flags: review?(fbraun) → feedback+
Attachment #8507780 - Flags: review?(fbraun)
Updated•10 years ago
Attachment #8507780 - Flags: review?(fbraun) → review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED