showdependencytree.cgi needs to validate "id" param

RESOLVED FIXED in Bugzilla 2.14

Status

Product: Bugzilla
Component: Bugzilla-General
Priority: P3
Severity: normal
Status: RESOLVED FIXED
Reported: 18 years ago
Modified: 5 years ago

People

(Reporter: Jesse Ruderman, Assigned: myk)

Tracking

Version: unspecified
Target Milestone: Bugzilla 2.14
Platform: Other
OS: Other

Details

(Whiteboard: security)

(Reporter)

Description

18 years ago
showdependencytree.cgi feeds an unchecked "id" parameter to the person viewing the page and also to the SQL server.

Replace:
my $id = $::FORM{'id'};
my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};

With:
my $id = $::FORM{'id'};
die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};

(I don't actually know Perl. The "die" line is copied from showdependencygraph.cgi.)
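As an added illustration, not part of the report above and not Bugzilla's own code, the following Perl runs a few constructed "id" values through the unchecked handling the report describes and through a validated version. The helper names, the sample query text and the tighter regex (anchored with \A and \z instead of ^ and $) are assumptions made for this example; the real query issued by the CGI is not shown on this page.

```perl
#!/usr/bin/perl
# Added example, not Bugzilla code: what the raw "id" parameter does to the
# HTML link and to the SQL, versus the same inputs after validation.
use strict;
use warnings;

# Accept only a bare ASCII integer and return it; otherwise return undef.
# \A and \z anchor at the true ends of the string, unlike ^ and $, which
# would let "123\n" through because $ also matches before a final newline.
# (Tighter than the /^\s*\d+\s*$/ check quoted in the report; an assumption
# for this example.)
sub validate_bug_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([0-9]+)\z/ ? $1 : undef;
}

# Escape the characters that break out of text and attribute context.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Before: the parameter goes straight into the link and the query.
# The query text is a hypothetical stand-in for whatever the CGI ran.
sub unsafe_outputs {
    my ($id) = @_;
    return (
        qq{<a href="show_bug.cgi?id=$id">$id</a>},
        "SELECT bug_id FROM bugs WHERE bug_id = $id",
    );
}

# After: die on anything but an integer, escape on output, and keep the
# SQL text constant (the id would be bound through a DBI placeholder).
sub safe_outputs {
    my ($raw) = @_;
    my $id = validate_bug_id($raw);
    unless (defined $id) {
        # Echoing the bad value back is only safe because it is escaped here.
        my $what = defined $raw ? html_escape($raw) : '';
        $what =~ s/\n/\\n/g;
        die "Invalid id: $what\n";
    }
    my $h = html_escape($id);
    return (
        qq{<a href="show_bug.cgi?id=$h">$h</a>},
        "SELECT bug_id FROM bugs WHERE bug_id = ?",   # bind $id via DBI
    );
}

# Constructed inputs: a normal id, an SQL injection attempt, a reflected
# XSS payload, and an id with a trailing newline that /^\d+$/ would accept.
my @inputs = ("38852", "1 OR 1=1", "1<script>alert(1)</script>", "38852\n");

for my $raw (@inputs) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    print "input: $shown\n";
    my ($link, $sql) = unsafe_outputs($raw);
    print "  before: $link\n";
    print "          $sql\n";
    my @safe = eval { safe_outputs($raw) };
    if ($@) {
        chomp(my $err = $@);
        print "  after:  rejected ($err)\n";
    } else {
        print "  after:  $safe[0]\n";
        print "          $safe[1]\n";
    }
}
```

Run it with plain perl; it needs no database, so the DBI placeholder is shown only as the constant query text. The last input is the case worth remembering when copying a check like the one above: a check written with ^ and $ still accepts a trailing newline, which is why the example anchors with \A and \z and rejects surrounding whitespace altogether.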
(Reporter)

Updated

18 years ago
Blocks: 38852
Whiteboard: 2.14

Updated

17 years ago
Whiteboard: 2.14 → 2.14,security
moving to real milestones...
Whiteboard: 2.14,security → security
Target Milestone: --- → Bugzilla 2.14
(Assignee)

Comment 2

16 years ago
The patch for bug 39531 also fixes this bug. Reassigning to myself and setting dependency.
Assignee: tara → myk
Depends on: 39531
(Assignee)

Comment 3

16 years ago
accepting
Status: NEW → ASSIGNED
(Assignee)

Comment 4

16 years ago
Resolving this fixed since the patch for bug 39531 was checked in and has fixed this bug.
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa