Closed
Bug 340253
Opened 18 years ago
Closed 18 years ago
.cgi scripts should call Throw*Error() instead of die()
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.22
People
(Reporter: LpSolit, Assigned: LpSolit)
References
Details
Attachments
(1 file)
|
3.10 KB,
patch
|
goobix
:
review+
|
Details | Diff | Splinter Review |
die(), among others, displays the real path to your installation, which is reported by some people as a security risk. We should call Throw*Error() as it will also unlock tables if needed.
Only two .cgi scripts still use die():
process_bug.cgi:1894: die "Error in list comparing code";
reports.cgi:235: die "Invalid datasets $datasets";
|
Assignee | |
Comment 1•18 years ago
|
||
This patch fixes the first issue reported in bug 319087 (the easy one).
Attachment #224318 -
Flags: review?(bugzilla-mozilla)
|
||
Comment 2•18 years ago
|
||
Comment on attachment 224318 [details] [diff] [review]
patch, v1
+ Invalid datasets <em>[% datasets FILTER html %]</em>. Only numbers,
+ letters and colons are allowed.
Numbers are to words like digits are to letters. We should stick with 'digits', otherwise people will start to believe that "1234", "a", ":" or "b" are ok but "abc" or "1a" aren't.
r=vladd if you fix that upon checkin (or you can carry the r+ on a new attachment)
Attachment #224318 -
Flags: review+
|
|
||
Updated•18 years ago
|
Status: NEW → ASSIGNED
Flags: approval?
Flags: approval2.22?
|
|
Assignee | |
Updated•18 years ago
|
Attachment #224318 -
Flags: review?(bugzilla-mozilla)
|
||
Updated•18 years ago
|
Flags: approval?
Flags: approval2.22?
Flags: approval2.22+
Flags: approval+
|
|
Assignee | |
Comment 3•18 years ago
|
||
tip:
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi
new revision: 1.321; previous revision: 1.320
done
Checking in reports.cgi;
/cvsroot/mozilla/webtools/bugzilla/reports.cgi,v <-- reports.cgi
new revision: 1.82; previous revision: 1.81
done
Checking in template/en/default/global/code-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/code-error.html.tmpl,v <-- code-error.html.tmpl
new revision: 1.69; previous revision: 1.68
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v <-- user-error.html.tmpl
new revision: 1.170; previous revision: 1.169
done
2.22:
Checking in process_bug.cgi;
/cvsroot/mozilla/webtools/bugzilla/process_bug.cgi,v <-- process_bug.cgi
new revision: 1.302.2.1; previous revision: 1.302
done
Checking in reports.cgi;
/cvsroot/mozilla/webtools/bugzilla/reports.cgi,v <-- reports.cgi
new revision: 1.80.2.1; previous revision: 1.80
done
Checking in template/en/default/global/code-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/code-error.html.tmpl,v <-- code-error.html.tmpl
new revision: 1.62.2.1; previous revision: 1.62
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v <-- user-error.html.tmpl
new revision: 1.145.2.12; previous revision: 1.145.2.11
done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•