diff options
| author |   justdave%syndicomm.com <> | 2003-04-25 03:49:27 +0000 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2003-04-25 03:49:27 +0000 |
| commit | 29021b187f042f023584dd3986c086ca68bef0a2 (patch) | |
| tree | d6c1c7c114ffe92462ef4f1817c6a87f18e4141c /duplicates.cgi | |
| parent | Missed a couple of SGML references that should have been changed. (diff) | |
| download | bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.gz bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.bz2 bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.zip | |
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it.
Patch by Gervase Markham <gerv@mozilla.org>
r= myk, bbaetz, justdave
a= justdave
Diffstat (limited to 'duplicates.cgi')
| -rwxr-xr-x | duplicates.cgi | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/duplicates.cgi b/duplicates.cgi index 1a3c08a9f..64a3f7ab3 100755 --- a/duplicates.cgi +++ b/duplicates.cgi @@ -74,7 +74,7 @@ my $sortby = formvalue("sortby"); my $changedsince = formvalue("changedsince", 7); my $maxrows = formvalue("maxrows", 100); my $openonly = formvalue("openonly"); -my $reverse = formvalue("reverse"); +my $reverse = formvalue("reverse") ? 1 : 0; my $product = formvalue("product"); my $sortvisible = formvalue("sortvisible"); my @buglist = (split(/[:,]/, formvalue("bug_id"))); @@ -159,8 +159,14 @@ if (!tie(%before, 'AnyDBM_File', "data/duplicates/dupes$whenever", $dobefore = 1; } +my $origmaxrows = $maxrows; detaint_natural($maxrows) - || ThrowUserError("invalid_maxrows", { maxrows => $maxrows}); + || ThrowUserError("invalid_maxrows", { maxrows => $origmaxrows}); + +my $origchangedsince = $changedsince; +detaint_natural($changedsince) + || ThrowUserError("invalid_changedsince", + { changedsince => $origchangedsince }); my @bugs; my @bug_ids; |