|
3.59 KB,
patch
|
Max Kanat-Alexander
:
review+
|
Details | Diff | Splinter Review |
|
661 bytes,
patch
|
Max Kanat-Alexander
:
review+
|
Details | Diff | Splinter Review |
Bugzilla::Product::check_product() throws an error if you pass a product name which doesn't exist, letting the user know whether it's a valid product name or not. This is going to be fixed in Bugzilla 4.2 as part of bug 519835.
|
||
Updated•7 years ago
|
||
|
(Assignee) | |
Comment 1•7 years ago
|
||
duplicates.cgi is also vulnerable, at least in 3.2.
|
|
(Assignee) | |
Comment 2•7 years ago
|
||
Created attachment 456194 [details] [diff] [review] patch for 3.2 and 3.4, v1 Here is the patch for 3.2. I didn't want to create a new constant as it's for branches only.
|
|
||
Comment 3•7 years ago
|
||
Comment on attachment 456194 [details] [diff] [review] patch for 3.2 and 3.4, v1 This looks right. For newer branches you should just be able to use check().
|
|
(Assignee) | |
Comment 4•7 years ago
|
||
(In reply to comment #3) > For newer branches you should just be able to use check(). For 3.6, I think so. But 3.4 has no custom check() method (which is needed to override the error message).
|
|
||
Comment 5•7 years ago
|
||
(In reply to comment #4) > For 3.6, I think so. But 3.4 has no custom check() method (which is needed to > override the error message). Ah, okay.
|
|
(Assignee) | |
Comment 6•7 years ago
|
||
Comment on attachment 456194 [details] [diff] [review] patch for 3.2 and 3.4, v1 The same patch applies and works for 3.2 and 3.4.
|
|
(Assignee) | |
Comment 7•7 years ago
|
||
It will be ready on time for the next releases.
|
|
(Assignee) | |
Comment 8•7 years ago
|
||
I finally checked in bug 519835 in 4.0, so Bugzilla 3.7.3 doesn't need to be fixed in this bug. duplicates.cgi was already fixed since Bugzilla 3.6rc1 thanks to bug 514970. Both request.cgi and duplicates.cgi were affected since Bugzilla 2.17.1.
|
|
(Assignee) | |
Comment 9•7 years ago
|
||
Created attachment 456259 [details] [diff] [review] patch for 3.6, v1 Bugzilla 3.6 has a custom check() method in Product.pm, which throws the appropriate error. So we can use it here.
|
|
||
Updated•7 years ago
|
||
|
|
||
Comment 10•7 years ago
|
||
Comment on attachment 456259 [details] [diff] [review] patch for 3.6, v1 Yeah, obviously correct. :-)
|
|
||
Updated•7 years ago
|
||
|
||
Updated•7 years ago
|
||
|
|
(Assignee) | |
Updated•7 years ago
|
||
|
|
(Assignee) | |
Comment 11•7 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.6/ modified request.cgi Committed revision 7159. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.4/ modified duplicates.cgi modified request.cgi modified Bugzilla/Product.pm Committed revision 6773. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.2/ modified duplicates.cgi modified request.cgi modified Bugzilla/Product.pm Committed revision 6394.
Description
•