Closed
Bug 134562
Opened 23 years ago
Closed 23 years ago
taint error in buglist.cgi
Categories
(Bugzilla :: Query/Bug List, defect, P2)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: jayvdb, Assigned: bbaetz)
Details
(Keywords: regression)
Attachments
(1 file, 1 obsolete file)
946 bytes,
patch
|
justdave
:
review+
gerv
:
review+
|
Details | Diff | Splinter Review |
Whilst generating a buglist for a query containing 'votes', Bugzilla returns a software error "Attempted to send tainted string 'SELECT DISTINCT ...' to the database at globals.pl line 235. The taint error is introduced at buglist.cgi line 1193.
Reporter | ||
Comment 1•23 years ago
|
||
copies the 'votes' validation from GenerateSQL.
Reporter | ||
Updated•23 years ago
|
Keywords: patch,
regression
Assignee | ||
Comment 2•23 years ago
|
||
Thats the wrong place, (you're doing it as a side effect there), but I can't reproduce this. What is the query you are running?
Reporter | ||
Comment 3•23 years ago
|
||
I am able to reproduce this on any query that contains votes=1.
Reporter | ||
Comment 4•23 years ago
|
||
I am using perl v5.6.0 (from SuSE perl-5.6.0-81) if that is any help.
Assignee | ||
Comment 5•23 years ago
|
||
OK, this works in 5.6.1. From investigation on IRC, whats happening is that perl 5.6.0 is considering the entire statement to be tainted if any part of the statement is tatined. The fix is just to use the block form of if. The patch I'll attach also fixes a minor buglet I noticed, where if you enter only whitespace in the votes box, the trim() in that code ignores teh field, but the votes column is still pushed anyway. Taking, for 2.16
Assignee: endico → bbaetz
Severity: normal → critical
Keywords: review
Priority: -- → P2
Target Milestone: --- → Bugzilla 2.16
Assignee | ||
Comment 6•23 years ago
|
||
Attachment #76971 -
Attachment is obsolete: true
Comment 7•23 years ago
|
||
Comment on attachment 77205 [details] [diff] [review] v1 r= justdave
Attachment #77205 -
Flags: review+
Comment 8•23 years ago
|
||
Comment on attachment 77205 [details] [diff] [review] v1 r=gerv. Gerv
Attachment #77205 -
Flags: review+
Assignee | ||
Comment 9•23 years ago
|
||
Checked in: Checking in buglist.cgi; /cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v <-- buglist.cgi new revision: 1.164; previous revision: 1.163 done
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•