Fix for bug 108982: enable taint mode for all user-facing CGI files.

Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
parent 72f340e3
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -75,10 +74,12 @@ sub initBug {
my $self = shift();
my ($bug_id, $user_id) = (@_);
if ( (! defined $bug_id) || (!$bug_id) ) {
# no bug number given
return {};
my $old_bug_id = $bug_id;
if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
# no bug number given
$self->{'bug_id'} = $old_bug_id;
$self->{'error'} = "InvalidBugId";
return $self;
}
# default userid 0, or get DBID if you used an email address
......
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -75,10 +74,12 @@ sub initBug {
my $self = shift();
my ($bug_id, $user_id) = (@_);
if ( (! defined $bug_id) || (!$bug_id) ) {
# no bug number given
return {};
my $old_bug_id = $bug_id;
if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
# no bug number given
$self->{'bug_id'} = $old_bug_id;
$self->{'error'} = "InvalidBugId";
return $self;
}
# default userid 0, or get DBID if you used an email address
......
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
......@@ -93,6 +93,9 @@ sub url_quote {
sub ParseUrlString {
# We don't want to detaint the user supplied data...
use re 'taint';
my ($buffer, $f, $m) = (@_);
undef %$f;
undef %$m;
......@@ -118,6 +121,7 @@ sub ParseUrlString {
$name = $item;
$value = "";
}
if ($value ne "") {
if (defined $f->{$name}) {
$f->{$name} .= $value;
......@@ -141,7 +145,6 @@ sub ParseUrlString {
}
}
sub ProcessFormFields {
my ($buffer) = (@_);
return ParseUrlString($buffer, \%::FORM, \%::MFORM);
......@@ -259,18 +262,18 @@ sub ValidateBugID {
# Validates and verifies a bug ID, making sure the number is a
# positive integer, that it represents an existing bug in the
# database, and that the user is authorized to access that bug.
# We detaint the number here, too
my ($id) = @_;
# Make sure the bug number is a positive integer.
# Whitespace can be ignored because the SQL server will ignore it.
$id =~ /^\s*([1-9][0-9]*)\s*$/
$_[0] = trim($_[0]); # Allow whitespace arround the number
detaint_natural($_[0])
|| DisplayError("The bug number is invalid. If you are trying to use " .
"QuickSearch, you need to enable JavaScript in your " .
"browser. To help us fix this limitation, look " .
"<a href=\"http://bugzilla.mozilla.org/show_bug.cgi?id=70907\">here</a>.")
&& exit;
my ($id) = @_;
# Get the values of the usergroupset and userid global variables
# and write them to local variables for use within this function,
# setting those local variables to the default value of zero if
......@@ -685,6 +688,8 @@ sub quietly_check_login() {
$::COOKIE{"Bugzilla_login"} = $loginname; # Makes sure case
# is in
# canonical form.
# We've just verified that this is ok
detaint_natural($::COOKIE{"Bugzilla_logincookie"});
} else {
$::disabledreason = $disabledtext;
}
......@@ -1430,6 +1435,8 @@ if (defined $ENV{"REQUEST_METHOD"}) {
if (defined $ENV{"HTTP_COOKIE"}) {
# Don't trust anything which came in as a cookie
use re 'taint';
foreach my $pair (split(/;/, $ENV{"HTTP_COOKIE"})) {
$pair = trim($pair);
if ($pair =~ /^([^=]*)=(.*)$/) {
......
#!/usr/bonsaitools/bin/perl -w
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -29,6 +29,8 @@
use diagnostics;
use strict;
use lib qw(.);
# Include the Bugzilla CGI and general utility library.
require "CGI.pl";
......@@ -139,10 +141,10 @@ exit;
sub validateID
{
# Validate the value of the "id" form field, which must contain a positive
# Validate the value of the "id" form field, which must contain an
# integer that is the ID of an existing attachment.
$::FORM{'id'} =~ /^[1-9][0-9]*$/
detaint_natural($::FORM{'id'})
|| DisplayError("You did not enter a valid attachment number.")
&& exit;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -26,6 +26,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
use Date::Parse;
......@@ -783,6 +785,11 @@ sub GenerateSQL {
die "Internal error: $errstr" if $chart < 0;
return Error($errstr);
}
# This is either from the internal chart (in which case we
# already know about it), or it was in %chartfields, so it is
# a valid field name, which means that its ok.
trick_taint($f);
$q = SqlQuote($v);
my $func;
$term = undef;
......@@ -1067,7 +1074,15 @@ my @fields = ("bugs.bug_id", "bugs.groupset");
foreach my $c (@collist) {
if (exists $::needquote{$c}) {
push(@fields, "$::key{$c}");
# The value we are actually using is $::key{$c}, which was created
# using the DefCol() function earlier. We test for the existance
# of $::needsquote{$c} to find out if $c is a legitimate key in the
# hashes that were defined by DefCol(). If $::needsquote{$c} exists,
# then $c is valid and we can use it to look up our key.
# If it doesn't exist, then we know the user is screwing with us
# and we'll just skip it.
trick_taint($c);
push(@fields, $::key{$c});
}
}
......@@ -1142,6 +1157,7 @@ if (defined $::FORM{'order'} && $::FORM{'order'} ne "") {
}
die "Invalid order: $::FORM{'order'}" unless
$::FORM{'order'} =~ /^([a-zA-Z0-9_., ]+)$/;
$::FORM{'order'} = $1; # detaint this, since we've checked it
# Extra special disgusting hack: if we are ordering by target_milestone,
# change it to order by the sortkey of the target_milestone first.
......
......@@ -8,7 +8,7 @@ priority, version, rep_platform, assigned_to, delta_ts, component,
reporter, target_milestone?, bug_severity, creation_ts, qa_contact?,
status_whiteboard?, op_sys, short_desc?, keywords*, dependson*,
blocks*, cc*, long_desc?, attachment*)>
<!ATTLIST bug error (NotFound|NotPermitted) #IMPLIED>
<!ATTLIST bug error (NotFound|NotPermitted|InvalidBugId) #IMPLIED>
<!ELEMENT bug_id (#PCDATA)>
<!ELEMENT short_desc (#PCDATA)>
<!ELEMENT bug_status (#PCDATA)>
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,8 @@
use diagnostics;
use strict;
use lib qw(.);
sub sillyness { # shut up "used only once" warnings
my $zz = @::legal_keywords;
}
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -26,6 +26,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
# Shut up misguided -w warnings about "used only once":
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
use vars %::COOKIE, %::FILENAME;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -25,6 +25,8 @@ use vars %::FORM;
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
require "defparams.pl";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......@@ -67,9 +69,6 @@ if (0 == @buglist) {
# minus sign).
foreach my $id (@buglist) {
ValidateBugID($id);
($::FORM{$id} =~ /^\d+$/)
|| DisplayError("Only use non-negative numbers for your bug votes.")
&& exit;
}
######################################################################
......@@ -144,7 +143,7 @@ while (MoreSQLData()) {
}
SendSQL("delete from votes where who = $who");
foreach my $id (@buglist) {
if ($::FORM{$id} > 0) {
if (detaint_natural($::FORM{$id}) && $::FORM{$id} > 0) {
SendSQL("insert into votes (who, bug_id, count) values ($who, $id, $::FORM{$id})");
}
$affected{$id} = 1;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -27,6 +27,9 @@ use diagnostics;
use strict;
use CGI "param";
use AnyDBM_File;
use lib qw(.);
require "globals.pl";
require "CGI.pl";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -35,6 +35,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". "use vars" just
......
......@@ -194,8 +194,27 @@ sub SqlLog {
}
}
# This is from the perlsec page, slightly modifed to remove a warning
# From that page:
# This function makes use of the fact that the presence of
# tainted data anywhere within an expression renders the
# entire expression tainted.
# Don't ask me how it works...
sub is_tainted {
return not eval { my $foo = join('',@_), kill 0; 1; };
}
sub SendSQL {
my ($str, $dontshadow) = (@_);
# Don't use DBI's taint stuff yet, because:
# a) We don't want out vars to be tainted (yet)
# b) We want to know who called SendSQL...
# Is there a better way to do b?
if (is_tainted($str)) {
die "Attempted to send tainted string to the database";
}
my $iswrite = ($str =~ /^(INSERT|REPLACE|UPDATE|DELETE)/i);
if ($iswrite && !$::dbwritesallowed) {
die "Evil code attempted to write stuff to the shadow database.";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". "use vars" just
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,9 @@
use diagnostics;
use strict;
use lib qw(.);
use Bug;
require "CGI.pl";
$::lockcount = 0;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -25,6 +25,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
# Shut up misguided -w warnings about "used only once". For some reason,
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -29,6 +29,8 @@ use strict;
my $UserInEditGroupSet = -1;
my $UserInCanConfirmGroupSet = -1;
use lib qw(.);
require "CGI.pl";
use RelationSet;
......@@ -42,6 +44,7 @@ use vars %::versions,
%::legal_opsys,
%::legal_platform,
%::legal_priority,
%::settable_resolution,
%::target_milestone,
%::legal_severity,
%::superusergroupset;
......@@ -58,13 +61,18 @@ my $requiremilestone = 0;
# This list will either consist of a single bug number from the "id"
# form/URL field or a series of numbers from multiple form/URL fields
# named "id_x" where "x" is the bug number.
# For each bug being modified, make sure its ID is a valid bug number
# representing an existing bug that the user is authorized to access.
my @idlist;
if (defined $::FORM{'id'}) {
ValidateBugID($::FORM{'id'});
push @idlist, $::FORM{'id'};
} else {
foreach my $i (keys %::FORM) {
if ($i =~ /^id_([1-9][0-9]*)/) {
push @idlist, $1;
my $id = $1;
ValidateBugID($id);
push @idlist, $id;
}
}
}
......@@ -74,12 +82,6 @@ scalar(@idlist)
|| DisplayError("You did not select any bugs to modify.")
&& exit;
# For each bug being modified, make sure its ID is a valid bug number
# representing an existing bug that the user is authorized to access.
foreach my $id (@idlist) {
ValidateBugID($id);
}
# If we are duping bugs, let's also make sure that we can change
# the original. This takes care of issue A on bug 96085.
if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
......@@ -538,7 +540,7 @@ sub ChangeResolution {
my ($str) = (@_);
if ($str ne $::dontchange) {
DoComma();
$::query .= "resolution = '$str'";
$::query .= "resolution = " . SqlQuote($str);
}
}
......@@ -695,6 +697,8 @@ SWITCH: for ($::FORM{'knob'}) {
last SWITCH;
};
/^resolve$/ && CheckonComment( "resolve" ) && do {
# Check here, because its the only place we require the resolution
CheckFormField(\%::FORM, 'resolution', \@::settable_resolution);
ChangeStatus('RESOLVED');
ChangeResolution($::FORM{'resolution'});
last SWITCH;
......@@ -1030,8 +1034,15 @@ The changes made were:
foreach my $i (split('[\s,]+', $::FORM{$target})) {
if ($i eq "") {
next;
}
my $orig = $i;
if (!detaint_natural($i)) {
PuntTryAgain("$orig is not a legal bug number");
}
# Don't use CanSeeBug, since we want to keep deps to bugs a
# user can't see
SendSQL("select bug_id from bugs where bug_id = " .
SqlQuote($i));
my $comp = FetchOneColumn();
......@@ -1049,7 +1060,8 @@ The changes made were:
my @stack = @{$deps{$target}};
while (@stack) {
my $i = shift @stack;
SendSQL("select $target from dependencies where $me = $i");
SendSQL("select $target from dependencies where $me = " .
SqlQuote($i));
while (MoreSQLData()) {
my $t = FetchOneColumn();
if ($t == $id) {
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -27,6 +27,8 @@ use vars %::FORM;
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@ use diagnostics;
use strict;
use vars ( %::FORM );
use lib qw(.);
require "CGI.pl";
print "Content-type: text/html\n\n";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -25,6 +25,8 @@ use strict;
use vars %::COOKIE;
use lib qw(.);
require "CGI.pl";
my $cookiepath = Param("cookiepath");
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -41,6 +41,8 @@
use diagnostics;
use strict;
use lib qw(.);
eval "use GD";
my $use_gd = $@ ? 0 : 1;
eval "use Chart::Lines";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
use vars %::FORM;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -24,6 +24,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
if (!defined $::FORM{'attach_id'}) {
......@@ -43,7 +45,7 @@ ConnectToDatabase();
quietly_check_login();
if ($::FORM{attach_id} !~ /^[1-9][0-9]*$/) {
if (!detaint_natural($::FORM{attach_id})) {
DisplayError("Attachment ID should be numeric.");
exit;
}
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,6 +23,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......@@ -168,6 +170,10 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey]
# Cleanup any old .dot files created from previous runs.
my $since = time() - 24 * 60 * 60;
foreach my $f (glob("data/webdot/*.dot")) {
# Here we are deleting all old files. All entries are from the
# data/webdot/ directory. Since we're deleting the file (not following
# symlinks), this can't escape to delete anything it shouldn't
trick_taint($f);
if (ModTime($f) < $since) {
unlink $f;
}
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -25,6 +25,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
ConnectToDatabase();
......@@ -61,7 +63,7 @@ if (defined $::FORM{'voteon'}) {
# Make sure the user ID is a positive integer representing an existing user.
if (defined $::FORM{'user'}) {
$::FORM{'user'} =~ /^([1-9][0-9]*)$/
detaint_natural($::FORM{'user'})
|| DisplayError("The user number is invalid.")
&& exit;
SendSQL("SELECT 1 FROM profiles WHERE userid = $::FORM{'user'}");
......
......@@ -55,13 +55,40 @@ foreach my $file (@testitems) {
}
my $file_line1 = <FILE>;
close (FILE);
$file =~ m/.*\.(.*)/;
my $ext = $1;
if ($file_line1 !~ /\/usr\/bonsaitools\/bin\/perl/) {
ok(1,"$file does not have a shebang");
} else {
if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -w#) {
ok(1,"$file uses -w");
my $flags;
if ($file eq "processmail") {
# special case processmail, which is tainted checked
$flags = "wT";
} elsif (!defined $ext || $ext eq "pl") {
# standalone programs (eg syncshadowdb) aren't taint checked yet
$flags = "w";
} elsif ($ext eq "pm") {
ok(0, "$file is a module, but has a shebang");
next;
} elsif ($ext eq "cgi") {
# cgi files must be taint checked, but only the user-accessible
# ones have been checked so far
if ($file =~ m/^edit/) {
$flags = "w";
} else {
$flags = "wT";
}
} else {
ok(0, "$file has shebang but unknown extension");
next;
}
if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -$flags#) {
ok(1,"$file uses -$flags");
} else {
ok(0,"$file is MISSING -w --WARNING");
ok(0,"$file is MISSING -$flags --WARNING");
}
}
}
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -28,6 +28,8 @@
use diagnostics;
use strict;
use lib qw(.);
# Include the Bugzilla CGI and general utility library.
require "CGI.pl";
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -22,6 +22,8 @@
use diagnostics;
use strict;
use lib qw(.);
require "CGI.pl";
use RelationSet;
......
#!/usr/bonsaitools/bin/perl -w
#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
......@@ -23,10 +23,13 @@
use diagnostics;
use strict;
use lib qw(.);
use Bug;
require "CGI.pl";
if (!defined $::FORM{'id'} || $::FORM{'id'} !~ /^\s*\d+(,\d+)*\s*$/) {
if (!defined $::FORM{'id'} || !$::FORM{'id'}) {
print "Content-type: text/html\n\n";
PutHeader("Display as XML");
print "<FORM METHOD=GET ACTION=\"xml.cgi\">\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment