Closed Bug 304044 Opened 19 years ago Closed 19 years ago

missing scalar() for some parameters

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
2.20
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.22

People

(Reporter: LpSolit, Assigned: LpSolit)

References

Details

(Keywords: regression)

Attachments

(1 file)

patch, v1
4.82 KB, patch
mkanat
: review+
Details | Diff | Splinter Review 
Some parameters passed to routines should be evaluated in a scalar context, but
unfortunately they are not. These regressions were introduced when doing
deFORMication. Mea culpa, I was the reviewer. :(

Till now, these regressions were hidden by prototypes which forced these
parameters to be evaluated in a scalar context. But with bug 303669 and the
removal of prototypes, some of these regressions are now clearly visible, see
bug 303669 comment 11.

I will try to submit a patch asap.

Here are the following cases which I won't consider:

1.1) if ($cgi->param('foo') eq $bar)
1.2) if ($cgi->param('foo') && $cgi->param('bar'))
2) Foo($cgi->param('bar')) # only 1 parameter

In these cases, I think it doesn't hurt what the context is.

The only cases which I will consider are:

3.1) Foo($cgi->param('bar'), $cgi->param('baz'))
3.2) Foo($cgi->param('bar'), $baz)
3.3) Foo($bar, $cgi->param('baz'))
Status: NEW → ASSIGNED
Target Milestone: --- → Bugzilla 2.20
also, when there is a clear check of the form:

if (defined $cgi->param('foo')) {
    Bar($cgi->param('foo'), $baz);
}

I don't write scalar() as we can reasonably expect $cgi->param('foo') to be
evaluated correctly.

Please don't tell me SQL statements are also affected. :(

$dbh->do("INSERT INTO foo (bar1, bar2) VALUES (?, ?)", undef,
         ($cgi->param('baz1'), $baz2))

Here the regexp I'm going to use for this patch:

grep -nPR '(\(|,)\s*\$cgi-\>param' *

This may help the reviewer to understand how I proceeded.
Attached patch patch, v1Splinter Review 
This patch and the patch about removing prototypes have to be applied together
due to ValidateDependencies() in post_bug.cgi which now takes only 2
parameters, while the prototype says 3 (runtests.pl complains if you let the
prototype). I let it as is to prevent to bitrot mkanat's patch.

Most of the time, parameters are checked before being passed to routines. In
process_bug.cgi, most parameters are checked using check_form_field and
check_form_field_defined... except comments if commentonxxx is turned off and
privacy, explaining why AppendComment failed miserably.
Attachment #192151 - Flags: review?(mkanat)
Comment on attachment 192151 [details] [diff] [review]
patch, v1

Yeah, this is good. And it's good to have, too, because anything that became a
method (as GetFormat and AppendComment will become) would have hit this anyway.
Attachment #192151 - Flags: review?(mkanat) → review+
We aren't removing prototypes on the 2.20 branch, so this doesn't need to be
targeted at 2.20.
Flags: approval?
Target Milestone: Bugzilla 2.20 → Bugzilla 2.22
Flags: approval? → approval+
Checking in chart.cgi;
/cvsroot/mozilla/webtools/bugzilla/chart.cgi,v  <--  chart.cgi
new revision: 1.13; previous revision: 1.12
done
Checking in post_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/post_bug.cgi,v  <--  post_bug.cgi
new revision: 1.122; previous revision: 1.121
done
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v  <--  process_bug.cgi
new revision: 1.275; previous revision: 1.274
done
Checking in report.cgi;
/cvsroot/mozilla/webtools/bugzilla/report.cgi,v  <--  report.cgi
new revision: 1.31; previous revision: 1.30
done
Checking in userprefs.cgi;
/cvsroot/mozilla/webtools/bugzilla/userprefs.cgi,v  <--  userprefs.cgi
new revision: 1.85; previous revision: 1.84
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: