Bug 304044: Missing scalar() for some parameters - Patch by Frédéric Buclin…

chart.cgi

@@ -265,9 +265,7 @@ sub plot {
     validateWidthAndHeight();
     $vars->{'chart'} = new Bugzilla::Chart($cgi);
 
-    my $format = &::GetFormat("reports/chart",
-                              "",
-                              $cgi->param('ctype'));
+    my $format = &::GetFormat("reports/chart", "", scalar($cgi->param('ctype')));
 
     # Debugging PNGs is a pain; we need to be able to see the error messages
     if ($cgi->param('debug')) {

post_bug.cgi

@@ -269,9 +269,8 @@ foreach my $field ("dependson", "blocked") {
 # Gather the dependency list, and make sure there are no circular refs
 my %deps;
 if (UserInGroup("editbugs")) {
-    %deps = Bugzilla::Bug::ValidateDependencies($cgi->param('dependson'),
-                                                $cgi->param('blocked'),
-                                                undef);
+    %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')),
+                                                scalar($cgi->param('blocked')));
 }
 
 # get current time

process_bug.cgi

@@ -1288,8 +1288,8 @@ foreach my $id (@idlist) {
     }   
     if (defined $cgi->param('delta_ts') && $cgi->param('delta_ts') ne $delta_ts)
     {
-        ($vars->{'operations'}) = Bugzilla::Bug::GetBugActivity($cgi->param('id'),
-                                                                $cgi->param('delta_ts'));
+        ($vars->{'operations'}) =
+            Bugzilla::Bug::GetBugActivity($id, $cgi->param('delta_ts'));
 
         $vars->{'start_at'} = $cgi->param('longdesclength');
 
@@ -1310,8 +1310,8 @@ foreach my $id (@idlist) {
     }
 
     # Gather the dependency list, and make sure there are no circular refs
-    my %deps = Bugzilla::Bug::ValidateDependencies($cgi->param('dependson'),
-                                                   $cgi->param('blocked'),
+    my %deps = Bugzilla::Bug::ValidateDependencies(scalar($cgi->param('dependson')),
+                                                   scalar($cgi->param('blocked')),
                                                    $id);
 
     #
@@ -1335,8 +1335,8 @@ foreach my $id (@idlist) {
     }
 
     if ($cgi->param('comment') || $work_time) {
-        AppendComment($id, $whoid, $cgi->param('comment'),
-                      $cgi->param('commentprivacy'), $timestamp, $work_time);
+        AppendComment($id, $whoid, scalar($cgi->param('comment')),
+                      scalar($cgi->param('commentprivacy')), $timestamp, $work_time);
         $bug_changed = 1;
     }
 

report.cgi

@@ -293,7 +293,7 @@ else {
     ThrowUserError("unknown_action", {action => $cgi->param('action')});
 }
 
-my $format = GetFormat("reports/report", $formatparam, $cgi->param('ctype'));
+my $format = GetFormat("reports/report", $formatparam, scalar($cgi->param('ctype')));
 
 # If we get a template or CGI error, it comes out as HTML, which isn't valid
 # PNG data, and the browser just displays a "corrupt PNG" message. So, you can

userprefs.cgi

@@ -76,12 +76,11 @@ sub SaveAccount {
     if ($cgi->param('Bugzilla_password') ne "" || 
         $pwd1 ne "" || $pwd2 ne "") 
     {
-        my $old = SqlQuote($cgi->param('Bugzilla_password'));
         SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
         my $oldcryptedpwd = FetchOneColumn();
         $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
 
-        if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne 
+        if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne 
                   $oldcryptedpwd) 
         {
             ThrowUserError("old_password_incorrect");