Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
4c07cc48
Commit
4c07cc48
authored
Jan 22, 2002
by
bbaetz%student.usyd.edu.au
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 121074 - taint error after changing bug
r=daa@distributed.net,jake
parent
8e2dfa5a
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
13 additions
and
15 deletions
+13
-15
globals.pl
globals.pl
+1
-1
process_bug.cgi
process_bug.cgi
+12
-14
No files found.
globals.pl
View file @
4c07cc48
...
@@ -213,7 +213,7 @@ sub SendSQL {
...
@@ -213,7 +213,7 @@ sub SendSQL {
# b) We want to know who called SendSQL...
# b) We want to know who called SendSQL...
# Is there a better way to do b?
# Is there a better way to do b?
if
(
is_tainted
(
$str
))
{
if
(
is_tainted
(
$str
))
{
die
"Attempted to send tainted string to the database"
;
die
"Attempted to send tainted string
'$str'
to the database"
;
}
}
my
$iswrite
=
(
$str
=~
/^(INSERT|REPLACE|UPDATE|DELETE)/i
);
my
$iswrite
=
(
$str
=~
/^(INSERT|REPLACE|UPDATE|DELETE)/i
);
...
...
process_bug.cgi
View file @
4c07cc48
...
@@ -92,20 +92,6 @@ if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
...
@@ -92,20 +92,6 @@ if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
DuplicateUserConfirm
();
DuplicateUserConfirm
();
}
}
# If the user has a bug list and is processing one bug, then after
# we process the bug we are going to show them the next bug on their
# list. Thus we have to make sure this bug ID is also valid,
# since a malicious cracker might alter their cookies for the purpose
# gaining access to bugs they are not authorized to access.
if
(
defined
$::COOKIE
{
"BUGLIST"
}
&&
defined
$::FORM
{
'id'
}
)
{
my
@buglist
=
split
(
/:/
,
$::COOKIE
{
"BUGLIST"
}
);
my
$idx
=
lsearch
(
\
@buglist
,
$::FORM
{
"id"
}
);
if
(
$idx
<
$#buglist
)
{
my
$nextbugid
=
$buglist
[
$idx
+
1
];
ValidateBugID
(
$nextbugid
);
}
}
######################################################################
######################################################################
# End Data/Security Validation
# End Data/Security Validation
######################################################################
######################################################################
...
@@ -484,6 +470,18 @@ if ($action eq Param("move-button-text")) {
...
@@ -484,6 +470,18 @@ if ($action eq Param("move-button-text")) {
print
"<TITLE>Update Bug "
.
join
(
" "
,
@idlist
)
.
"</TITLE>\n"
;
print
"<TITLE>Update Bug "
.
join
(
" "
,
@idlist
)
.
"</TITLE>\n"
;
if
(
defined
$::FORM
{
'id'
})
{
if
(
defined
$::FORM
{
'id'
})
{
navigation_header
();
navigation_header
();
if
(
defined
$::next_bug
)
{
# If there is another bug, then we're going to display it,
# so check that its a legal bug
# We need to check that its a number first
if
(
!
(
detaint_natural
(
$::next_bug
)
&&
CanSeeBug
(
$::next_bug
)))
{
# This isn't OK
# Rather than error out (which could validly happen if there
# was a bug in the list whose group was changed in the meantime)
# just remove references to it
undef
$::next_bug
;
}
}
}
}
print
"<HR>\n"
;
print
"<HR>\n"
;
$::query
=
"update bugs\nset"
;
$::query
=
"update bugs\nset"
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
