Commit 4357cedb authored by Frédéric Buclin's avatar Frédéric Buclin

Bug 545610: Correctly parse CGI parameters, especially when using mod_perl

r=gerv a=LpSolit
parent ebe30fe4
......@@ -21,7 +21,6 @@ use List::MoreUtils qw(uniq);
my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
my $vars = {};
my $buffer = $cgi->query_string();
# Go straight back to query.cgi if we are adding a boolean chart.
if (grep(/^cmd-/, $cgi->param())) {
......@@ -34,9 +33,6 @@ if (grep(/^cmd-/, $cgi->param())) {
}
Bugzilla->login();
my $dbh = Bugzilla->switch_to_shadow_db();
my $action = $cgi->param('action') || 'menu';
if ($action eq "menu") {
......@@ -47,6 +43,9 @@ if ($action eq "menu") {
exit;
}
# Sanitize the URL, to make URLs shorter.
$cgi->clean_search_url;
my $col_field = $cgi->param('x_axis_field') || '';
my $row_field = $cgi->param('y_axis_field') || '';
my $tbl_field = $cgi->param('z_axis_field') || '';
......@@ -120,6 +119,7 @@ my $query = $search->sql;
$::SIG{TERM} = 'DEFAULT';
$::SIG{PIPE} = 'DEFAULT';
my $dbh = Bugzilla->switch_to_shadow_db();
my $results = $dbh->selectall_arrayref($query);
# We have a hash of hashes for the data itself, and a hash to hold the
......@@ -228,9 +228,9 @@ if ($action eq "wrap") {
# We need to keep track of the defined restrictions on each of the
# axes, because buglistbase, below, throws them away. Without this, we
# get buglistlinks wrong if there is a restriction on an axis field.
$vars->{'col_vals'} = join("&", $buffer =~ /[&?]($col_field=[^&]+)/g);
$vars->{'row_vals'} = join("&", $buffer =~ /[&?]($row_field=[^&]+)/g);
$vars->{'tbl_vals'} = join("&", $buffer =~ /[&?]($tbl_field=[^&]+)/g);
$vars->{'col_vals'} = get_field_restrictions($col_field);
$vars->{'row_vals'} = get_field_restrictions($row_field);
$vars->{'tbl_vals'} = get_field_restrictions($tbl_field);
# We need a number of different variants of the base URL for different
# URLs in the HTML.
......@@ -331,3 +331,10 @@ sub check_value {
}
return $value;
}
sub get_field_restrictions {
my $field = shift;
my $cgi = Bugzilla->cgi;
return join('&', map {"$field=$_"} $cgi->param($field));
}
......@@ -20,12 +20,13 @@
[% col_field_disp = field_descs.$col_field || col_field %]
[% row_field_disp = field_descs.$row_field || row_field %]
[% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %][% END %]
[% IF tbl == "-total-" %]
[% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %]
[% "&$tbl_vals" IF tbl_vals %][% END %]
[% ELSE %]
[% urlbase = BLOCK %]buglist.cgi?[% buglistbase FILTER html %]&
[% tbl_field FILTER uri %]=[% tbl FILTER uri %][% END %]
[% IF tbl_vals %]
[% urlbase = urlbase _ "&" _ tbl_vals %]
[% END %]
[% ELSIF tbl_field %]
[% urlbase = BLOCK %][% urlbase %]&[% tbl_field FILTER uri %]=[% tbl FILTER uri %][% END %]
[% END %]
<script type="text/javascript">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment