Closed Bug 178800 Opened 23 years ago Closed 23 years ago

Graphical Charts fail with taint error with perl 5.6.0

Categories

(Bugzilla :: Reporting/Charting, defect, P1)

Product:
Bugzilla
Component:
Reporting/Charting
Version:
2.17
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: bugreport, Assigned: gerv)

References

Details

Attachments

(1 file, 4 obsolete files)

patch v4: consistent spacing
2.01 KB, patch
gerv
: review+
gerv
: review+
Details | Diff | Splinter Review
On sites with 5.6.0 (mothra), queries for graphical charts such as severity versus status are tainted. This is most likely due to taints being propagated through my @selectnames = map($columns{$_}, @axis_fields); in report.cgi
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.18
Comment on attachment 105429 [details] [diff] [review] patch v1: fixes problem per bbaetz' suggestion r=joel
Attachment #105429 - Flags: review+
Comment on attachment 105429 [details] [diff] [review] patch v1: fixes problem per bbaetz' suggestion a=justdave but I want a second r= from someone besides me and joel before it gets checked in.
Attachment #105429 - Flags: review+
Attached patch patch v2: w/validation (obsolete) — Splinter Review
Here's an approach that validates the data before detainting and using it.
Attachment #105429 - Attachment is obsolete: true
Attachment #105433 - Attachment is obsolete: true
Comment on attachment 105433 [details] [diff] [review] patch v3: validation plus filters out html >+# Validate the values in the axis fields or throw an error. >+!$row_field >+ || ($columns{$row_field} && trick_taint($row_field)) >+ || ThrowCodeError("report_axis_invalid", >+ { val=>$row_field, fld=>"horizontal axis"}); This won't localise properly; you either need three errors, or to pass an additional tag ("horizontal_axis", "mult_tables" etc.) which you can fork on in the error template. Other than that, looks good. Gerv
Attachment #105433 - Flags: review-
Attached patch patch v3: localizable (obsolete) — Splinter Review
Attachment #105432 - Attachment is obsolete: true
Comment on attachment 105459 [details] [diff] [review] patch v3: localizable >+# Validate the values in the axis fields or throw an error. >+!$row_field >+ || ($columns{$row_field} && trick_taint($row_field)) >+ || ThrowCodeError("report_axis_invalid", { fld=>"x", val=>$row_field}); Nit: inconsistent spacing inside {} brackets. Fix that, and r=gerv. Gerv
Attachment #105459 - Flags: review+
re: inconsistent spacing; good catch, done. Did you really mean to call this a "nit" or withhold review because of it? When I use that word it means "I want you to change that, but I won't deny you review if you don't." We should be consistent in how we use it, or we're going to confuse patch authors.
Attachment #105459 - Attachment is obsolete: true
Attachment #105491 - Flags: review+
Comment on attachment 105491 [details] [diff] [review] patch v4: consistent spacing My definition of "Nit" is "small thing that the author will think I'm being really petty about unless I label it as a nit". I tend to specify things which need to be fixed, and things which only could be fixed, independent of that word. So you are right - maybe we do need a definition :-) Gerv
a=justdave
Checking in report.cgi; /cvsroot/mozilla/webtools/bugzilla/report.cgi,v <-- report.cgi new revision: 1.7; previous revision: 1.6 done Checking in template/en/default/global/code-error.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/global/code-error.html.tmpl,v <-- code-error.html.tmpl new revision: 1.22; previous revision: 1.21 done
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: