Bug 170986 - General Summary reports don't work with taint checking. Also fixes…

Bug 170986 - General Summary reports don't work with taint checking. Also fixes Throw*Error's $extra_vars parameter. Patch by gerv; r=bbaetz.

Bug 170986 - General Summary reports don't work with taint checking. Also fixes…
37dc5c77 · gerv%gerv.net · ca452282 · 37dc5c77 · 37dc5c77
Commit 37dc5c77 authored Sep 27, 2002 by gerv%gerv.net
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

CGI.pl CGI.pl +8 -4

globals.pl globals.pl +2 -0

No files found.
--- a/CGI.pl
+++ b/CGI.pl
@@ -854,8 +854,10 @@ sub ThrowCodeError {
  SendSQL("UNLOCK TABLES") if $unlock_tables;
  
  # Copy the extra_vars into the vars hash 
-  @::vars{keys %$extra_vars} = values %$extra_vars;
-
+  foreach my $var (keys %$extra_vars) {
+      $vars->{$var} = $extra_vars->{$var};
+  }
+  
  # We may one day log something to file here also.
  $vars->{'variables'} = $extra_vars;
  
@@ -873,8 +875,10 @@ sub ThrowUserError {
  SendSQL("UNLOCK TABLES") if $unlock_tables;
 
  # Copy the extra_vars into the vars hash 
-  @::vars{keys %$extra_vars} = values %$extra_vars;
-
+  foreach my $var (keys %$extra_vars) {
+      $vars->{$var} = $extra_vars->{$var};
+  }
+  
  print "Content-type: text/html\n\n" if !$vars->{'header_done'};
  $template->process("global/user-error.html.tmpl", $vars)
    || ThrowTemplateError($template->error());

--- a/globals.pl
+++ b/globals.pl
@@ -1637,6 +1637,8 @@ sub GetFormat {
    # Security - allow letters and a hyphen only
    $ctype =~ s/[^a-zA-Z\-]//g;
    $format =~ s/[^a-zA-Z\-]//g;
+    trick_taint($ctype);
+    trick_taint($format);
    
    $template .= ($format ? "-$format" : "");
    $template .= ".$ctype.tmpl";