Fix for bug 108812: Prevent users from running queries containing arbitrary SQL.

Patch by Jake <jake@acutex.net> r=bbaetz,myk

Fix for bug 108812: Prevent users from running queries containing arbitrary SQL.
4b5278c7 · myk%mozilla.org · e2a35933 · 4b5278c7
Commit 4b5278c7 authored Nov 08, 2001 by myk%mozilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

buglist.cgi buglist.cgi +8 -4

No files found.
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -187,10 +187,14 @@ sub GenerateSQL {
        push(@specialchart, ["bug_id", $type, join(',', @{$M{'bug_id'}})]);
    }

-    if (defined $F{'sql'}) {
-        die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
-        push(@wherepart, "( $F{'sql'} )");
-    }
+# This is evil.  We should never allow a user to directly append SQL to
+# any query without a huge amount of validation.  Even then, it would
+# be a bad idea.  Beware that uncommenting this will allow someone to
+# peak at virtually anything they want in the bugs database.
+#    if (defined $F{'sql'}) {
+#        die "Invalid sql: $F{'sql'}" if $F{'sql'} =~ /;/;
+#        push(@wherepart, "( $F{'sql'} )");
+#    }

    my @legal_fields = ("product", "version", "rep_platform", "op_sys",
                        "bug_status", "resolution", "priority", "bug_severity",