Bug 39536 - showdependencytree.cgi needs to validate "id" param
Status: RESOLVED FIXED
Keywords: security
Product: Bugzilla
Classification: Server Software
Component: Bugzilla-General
Version: unspecified
Hardware: Other Other
Importance: P3 normal
Target Milestone: Bugzilla 2.14
Assigned To: Myk Melez [:myk] [@mykmelez]
QA Contact: default-qa
Depends on: 39531
Blocks: 38852
Reported: 2000-05-16 18:03 PDT by Jesse Ruderman
Modified: 2012-12-18 20:46 PST

Description Jesse Ruderman 2000-05-16 18:03:25 PDT
showdependencytree.cgi feeds an unchecked "id" parameter to the person viewing
the page and also to the SQL server.

Replace:
my $id = $::FORM{'id'};
# $id is interpolated into the markup exactly as the client sent it
my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};

With:
my $id = $::FORM{'id'};
# refuse anything that is not a run of digits (optionally surrounded by whitespace)
die "Invalid id: $id" unless $id =~ /^\s*\d+\s*$/;
my $linkedid = qq{<a href="show_bug.cgi?id=$id">$id</a>};

(I don't actually know Perl.  "die" line copied from showdependencygraph.cgi.)
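An added example of the check the report asks for, written here for illustration and not taken from Bugzilla's code: a Perl function that accepts only a bare positive integer, the reflected link built from the validated (and HTML-escaped) value, and the SQL kept behind a DBI-style placeholder. The table and column names in the query and the form of a bug id are assumptions, and the inputs at the bottom are constructed. Note that the report's `/^\s*\d+\s*$/` accepts surrounding whitespace and, because `$` also matches before a final newline, the string "39536\n"; it then interpolates the original, still unstripped `$id` into the link. Anchoring with `\A`/`\z` and using the captured digits avoids both.

```perl
#!/usr/bin/perl
# Added example, not code from Bugzilla: validate a numeric CGI parameter
# before it reaches HTML output or a SQL statement.
use strict;
use warnings;

# Accept only a bare positive integer (assumed form of a bug id) and return
# the matched digits as a fresh string; anything else yields undef.  \A and
# \z are used rather than ^ and $ because $ also matches before a trailing
# newline, and the capture group returns only what was actually matched.
sub validate_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return undef unless $raw =~ /\A([1-9]\d{0,9})\z/;
    return $1;
}

# Escape the characters that matter in HTML text and attribute values.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# The pattern from the report: the raw parameter goes straight into markup.
sub unsafe_link {
    my ($id) = @_;
    return qq{<a href="show_bug.cgi?id=$id">$id</a>};
}

# Hardened: validate first, refuse anything else, escape on output.
sub safe_link {
    my ($raw) = @_;
    my $id = validate_id($raw);
    die "Invalid bug id\n" unless defined $id;
    my $esc = html_escape($id);
    return qq{<a href="show_bug.cgi?id=$esc">$esc</a>};
}

# Hardened SQL: the validated integer could be interpolated safely, but a
# placeholder keeps the value out of the statement text regardless.
# Table and column names are illustrative assumptions.
sub dependency_query {
    my ($raw) = @_;
    my $id = validate_id($raw);
    die "Invalid bug id\n" unless defined $id;
    return ('SELECT dependson FROM dependencies WHERE blocked = ?', [$id]);
}

# Constructed inputs: a good id, the whitespace and newline variants the
# report's regex would let through, a SQL fragment and an XSS payload.
my @inputs = ('39536', ' 39536 ', "39536\n", '1 OR 1=1',
              q{"><script>alert(1)</script>}, '0');
for my $in (@inputs) {
    (my $shown = $in) =~ s/\n/\\n/g;
    my $v = validate_id($in);
    printf "%-32s -> %s\n", "'$shown'", defined $v ? "ok ($v)" : 'rejected';
}
print unsafe_link(q{"><script>alert(1)</script>}), "\n";   # payload echoed verbatim
print safe_link('39536'), "\n";
my ($sql, $binds) = dependency_query('39536');
print "$sql  binds=[@$binds]\n";
```

Run it as a plain script; the first block of output shows which constructed inputs survive the strict check, the `unsafe_link` line shows the payload reaching the page untouched, and the last two lines show the validated value in the link and bound separately from the SQL text.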
Comment 1 Dave Miller [:justdave] (justdave@bugzilla.org) 2001-02-27 19:10:04 PST
moving to real milestones...
Comment 2 Myk Melez [:myk] [@mykmelez] 2001-05-30 17:38:25 PDT
The patch for bug 39531 also fixes this bug.  Reassigning to myself and setting
dependency.
Comment 3 Myk Melez [:myk] [@mykmelez] 2001-05-30 18:26:49 PDT
accepting
Comment 4 Myk Melez [:myk] [@mykmelez] 2001-06-01 17:38:42 PDT
Resolving this fixed since the patch for bug 39531 was checked in and has fixed
this bug.
Comment 5 Dave Miller [:justdave] (justdave@bugzilla.org) 2001-09-02 23:39:27 PDT
Moving to Bugzilla product
