Fix for bug 95235: variables with untrusted content were being echoed back to…

Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first. Patch by Gavin Shelley <gavins@iplbath.com> r= justdave@syndicomm.com
parent 0fb6fdfa
...@@ -85,7 +85,7 @@ sub SqlifyDate { ...@@ -85,7 +85,7 @@ sub SqlifyDate {
} }
my $date = str2time($str); my $date = str2time($str);
if (!defined $date) { if (!defined $date) {
PuntTryAgain("The string '<tt>$str</tt>' is not a legal date."); PuntTryAgain("The string '<tt>".html_quote($str)."</tt>' is not a legal date.");
} }
return time2str("%Y/%m/%d %H:%M:%S", $date); return time2str("%Y/%m/%d %H:%M:%S", $date);
} }
...@@ -172,7 +172,8 @@ sub GenerateSQL { ...@@ -172,7 +172,8 @@ sub GenerateSQL {
if ($c ne "") { if ($c ne "") {
if ($c !~ /^[0-9]*$/) { if ($c !~ /^[0-9]*$/) {
return Error("The 'At least ___ votes' field must be a\n" . return Error("The 'At least ___ votes' field must be a\n" .
"simple number. You entered \"$c\", which\n" . "simple number. You entered \"" .
html_quote($c) . "\", which\n" .
"doesn't cut it."); "doesn't cut it.");
} }
push(@specialchart, ["votes", "greaterthan", $c - 1]); push(@specialchart, ["votes", "greaterthan", $c - 1]);
...@@ -250,7 +251,8 @@ sub GenerateSQL { ...@@ -250,7 +251,8 @@ sub GenerateSQL {
push(@specialchart, \@clist); push(@specialchart, \@clist);
} else { } else {
return Error("You must specify one or more fields in which to\n" . return Error("You must specify one or more fields in which to\n" .
"search for <tt>$email</tt>.\n"); "search for <tt>" .
html_quote($email) . "</tt>.\n");
} }
} }
...@@ -260,7 +262,8 @@ sub GenerateSQL { ...@@ -260,7 +262,8 @@ sub GenerateSQL {
if ($c ne "") { if ($c ne "") {
if ($c !~ /^[0-9]*$/) { if ($c !~ /^[0-9]*$/) {
return Error("The 'changed in last ___ days' field must be\n" . return Error("The 'changed in last ___ days' field must be\n" .
"a simple number. You entered \"$c\", which\n" . "a simple number. You entered \"" .
html_quote($c) . "\", which\n" .
"doesn't cut it."); "doesn't cut it.");
} }
push(@specialchart, ["changedin", push(@specialchart, ["changedin",
...@@ -428,7 +431,8 @@ sub GenerateSQL { ...@@ -428,7 +431,8 @@ sub GenerateSQL {
if ($id) { if ($id) {
push(@list, "$table.keywordid = $id"); push(@list, "$table.keywordid = $id");
} else { } else {
return Error("Unknown keyword named <code>$v</code>.\n" . return Error("Unknown keyword named <code>" .
html_quote($v) . "</code>.\n" .
"<P>The legal keyword names are\n" . "<P>The legal keyword names are\n" .
"<A HREF=describekeywords.cgi>" . "<A HREF=describekeywords.cgi>" .
"listed here</A>.\n"); "listed here</A>.\n");
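Review bot: The numeric guard `if ($c !~ /^[0-9]*$/)` in the 'At least ___ votes' hunk (and its twin in the 'changed in last ___ days' hunk) still accepts a value with a trailing newline, because `$` matches before a final "\n", so such a value is echoed back escaped but then also reaches `$c - 1` in the @specialchart push. Anchoring it as `if ($c !~ /\A[0-9]+\z/)` rejects that form; the `+` is equivalent to `*` here since the `$c ne ""` guard already excludes the empty string. The message wraps the escaped value in double quotes, so it is worth confirming that html_quote() escapes quote characters and not only &, < and > — its implementation is not visible in this change. The enclosing GenerateSQL body starts and ends outside these hunks.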
...@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) { ...@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
} }
my $i = GetKeywordIdFromName($keyword); my $i = GetKeywordIdFromName($keyword);
if (!$i) { if (!$i) {
PuntTryAgain("Unknown keyword named <code>$keyword</code>. " . PuntTryAgain("Unknown keyword named <code>" .
html_quote($keyword) . "</code>. " .
"<P>The legal keyword names are " . "<P>The legal keyword names are " .
"<A HREF=describekeywords.cgi>" . "<A HREF=describekeywords.cgi>" .
"listed here</A>."); "listed here</A>.");
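Review bot: The "Unknown keyword named" message and its describekeywords.cgi link are now duplicated almost verbatim between this hunk and the GenerateSQL hunk at `return Error("Unknown keyword named <code>" .`; a small shared helper that takes the keyword and applies html_quote() once would keep the two copies from drifting the next time the escaping or the link text changes. The enclosing `if ($::FORM{'keywords'})` block starts outside the hunk, so how $keyword is derived from the form value is not visible here.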