Bug 157092 â Implement a checking mechanism for invalid regexp

Patch by David Lawrence <dkl@redhat.com> - r/a=mkanat

Bug 157092 â Implement a checking mechanism for invalid regexp
c34003dc · dkl%redhat.com · f575fab3 · c34003dc · c34003dc · c34003dc
Commit c34003dc authored Jun 19, 2008 by dkl%redhat.com
Showing with 32 additions and 6 deletions

DB.pm Bugzilla/DB.pm +9 -0

Mysql.pm Bugzilla/DB/Mysql.pm +6 -2

Oracle.pm Bugzilla/DB/Oracle.pm +6 -2

Pg.pm Bugzilla/DB/Pg.pm +6 -2

user-error.html.tmpl template/en/default/global/user-error.html.tmpl +5 -0

No files found.
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -383,6 +383,15 @@ sub bz_last_key {
                                 $table, $column);
 }
+sub bz_check_regexp {
+    my ($self, $pattern) = @_;
+    eval { $self->do("SELECT " . $self->sql_regexp($self->quote("a"), $pattern, 1)) };
+    $@ && ThrowUserError('illegal_regexp', 
+        { value => $pattern, dberror => $self->errstr }); 
+}
 #####################################################################
 # Database Setup
 #####################################################################

--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -104,13 +104,17 @@ sub bz_last_key {
 }
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "$expr REGEXP $pattern";
 }
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "$expr NOT REGEXP $pattern";
 }

--- a/Bugzilla/DB/Oracle.pm
+++ b/Bugzilla/DB/Oracle.pm
@@ -95,13 +95,17 @@ sub bz_last_key {
 }
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "REGEXP_LIKE($expr, $pattern)";
 }
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "NOT REGEXP_LIKE($expr, $pattern)" 
 }

--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -93,13 +93,17 @@ sub bz_last_key {
 }
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "$expr ~* $pattern";
 }
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+    $self->bz_check_regexp($pattern) if !$nocheck;
    return "$expr !~* $pattern" 
 }

--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -783,6 +783,11 @@
    [% IF format %]
      Please use the format '<tt>[% format FILTER html %]</tt>'.
    [% END %]
+  [% ELSIF error == "illegal_regexp" %]
+    [% title = "Illegal Regular Expression" %]
+    The regular expression you provided [% value FILTER html %] is not valid.
+    The error was: [% dberror FILTER html %].
  [% ELSIF error == "insufficient_data_points" %]
    [% docslinks = {'reporting.html' => 'Reporting'} %]