Bug 38855 - showvotes.cgi needs to escape (untrusted) url params
Status: RESOLVED FIXED
security
Product: Bugzilla
Classification: Server Software
Component: Bugzilla-General
Version: unspecified
Hardware: Other Other
Importance: P3 normal
Target Milestone: Bugzilla 2.14
Assigned To: Myk Melez [:myk] [@mykmelez]
QA Contact: default-qa
URL: http://bugzilla.mozilla.org/showvotes...
Duplicates: 39537
Blocks: 38852

Reported: 2000-05-10 16:08 PDT by Jesse Ruderman
Modified: 2012-12-18 20:46 PST


Attachments
Attachment 33256: validates user, bug_id, and voteon parameters (3.28 KB, patch), 2001-05-04 17:17 PDT, Myk Melez [:myk] [@mykmelez]
Attachment 33749: uses DisplayError function to simplify display of errors (3.51 KB, patch), 2001-05-09 14:28 PDT, Myk Melez [:myk] [@mykmelez]

Description Jesse Ruderman 2000-05-10 16:08:39 PDT

    
Comment 1 Dave Miller [:justdave] (justdave@bugzilla.org) 2001-02-27 19:00:05 PST
moving to real milestones...
Comment 2 Myk Melez [:myk] [@mykmelez] 2001-05-04 17:15:06 PDT
-> myself & I have a patch
Comment 3 Myk Melez [:myk] [@mykmelez] 2001-05-04 17:17:13 PDT
Created attachment 33256 [details] [diff] [review]
validates user, bug_id, and voteon parameters
Comment 4 Andreas Franke (gone) 2001-05-05 07:19:09 PDT
What about a subroutine ErrorExit(Title, ErrMsg) for these lines:
+    print "Content-type: text/html\n\n";
+    PutHeader($Title);
+    print "<p>$ErrMsg<p>\n";
+    PutFooter();
+    exit;
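Review bot: the third quoted line interpolates $ErrMsg straight into the HTML body, so an ErrorExit(Title, ErrMsg) built from these lines is only safe if every caller escapes any URL parameter value it folds into the message beforehand, which is exactly what this bug is about; either document that callers must pass already-escaped text or make the subroutine escape the message itself before printing it. Also, "<p>$ErrMsg<p>" opens a second paragraph instead of closing the first; "<p>$ErrMsg</p>" is what is meant.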

This could be useful elsewhere, too...
Comment 5 Jacob Steenhagen 2001-05-07 15:53:42 PDT
I'm not sure that it needs to validate the bug number/UID against the
database... I think it'd probably be enough that it made sure it was a number.
But I suppose taking the validation the next step does allow for better error
messages, and it does only validate the one that "matters".

So, all in all, I'd say r=jake
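The approach Jake describes (accept bug_id or the user id only if it has the right shape, and treat the database existence check as a separate step) combined with the escaping the bug title asks for, as an added example that is not Bugzilla's own code and not Myk's patch. The routine names parse_query, html_quote, validate_params and display_error, the validation regexes and the query string are assumptions made for illustration; the script runs stand-alone under plain Perl 5 without CGI.pm.

```perl
#!/usr/bin/perl
# Added example, not Bugzilla's own code: validate the user, bug_id and voteon
# parameters of a showvotes-style CGI and HTML-escape any parameter value that
# is echoed back in an error page. All routine names here are illustrative.
use strict;
use warnings;

# Escape the five characters that change meaning inside an HTML body or
# attribute value.
sub html_quote {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Parse an application/x-www-form-urlencoded query string into a hash ref.
# Stands in for CGI.pm so the script runs on its own.
sub parse_query {
    my ($qs) = @_;
    my %form;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        $v =~ tr/+/ /;
        $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        $form{$k} = $v;
    }
    return \%form;
}

# Return an already-escaped error message, or undef when every supplied
# parameter has an acceptable shape. bug_id and voteon must be plain positive
# integers (\A...\z rather than ^...$, because $ also matches before a trailing
# newline and would let "42\n" through); user must look like a login.
# Whether the bug or user actually exists is a separate database lookup,
# deliberately not done here.
sub validate_params {
    my ($form) = @_;
    for my $name (qw(bug_id voteon)) {
        my $val = $form->{$name};
        next unless defined $val;
        return "The $name parameter must be a positive integer, not '"
             . html_quote($val) . "'."
            unless $val =~ /\A[1-9]\d*\z/;
    }
    if (defined $form->{user} && $form->{user} !~ /\A[\w.+-]+\@[\w.-]+\z/) {
        return "The user parameter must be an e-mail address, not '"
             . html_quote($form->{user}) . "'.";
    }
    return undef;
}

# Build the complete error response. $msg is already escaped by
# validate_params, so only the title is escaped here.
sub display_error {
    my ($title, $msg) = @_;
    return "Content-type: text/html\n\n"
         . "<html><head><title>" . html_quote($title) . "</title></head>\n"
         . "<body><h1>" . html_quote($title) . "</h1>\n"
         . "<p>$msg</p>\n</body></html>\n";
}

# Constructed request (not a real one): bug_id carries markup instead of a number.
my $query = 'bug_id=%3Cscript%3Ealert(1)%3C%2Fscript%3E&user=jake%40example.com&voteon=12';
my $form  = parse_query($query);

if (my $err = validate_params($form)) {
    print display_error('Invalid Parameter', $err);
} else {
    print "Content-type: text/html\n\nparameters OK\n";
}
```

Running it prints an error page in which the rejected bug_id value appears as literal text rather than as markup. The value of an invalid parameter is the one string that is certainly attacker-controlled, so it is escaped at the point it is put into the message rather than relying on whoever prints the message to remember.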
Comment 6 Jacob Steenhagen 2001-05-08 12:16:43 PDT
*** Bug 39537 has been marked as a duplicate of this bug. ***
Comment 7 Myk Melez [:myk] [@mykmelez] 2001-05-09 14:28:31 PDT
Created attachment 33749 [details] [diff] [review]
uses DisplayError function to simplify display of errors
Comment 8 Myk Melez [:myk] [@mykmelez] 2001-05-09 14:29:05 PDT
Jake, could you re-review my new patch?
Comment 9 Jacob Steenhagen 2001-05-09 15:39:36 PDT
Using the Param("errorhtml")... nice touch :)

r=jake
Comment 10 Dave Miller [:justdave] (justdave@bugzilla.org) 2001-05-09 19:55:14 PDT
Checked in.
Comment 11 Dave Miller [:justdave] (justdave@bugzilla.org) 2001-09-02 23:43:59 PDT
Moving to Bugzilla product
