fix for bug #44040 "sanitycheck.cgi dies if apostrophes in product, component, version,

or milestone". thanks to dave@intrec.com (Dave Miller) for the patch

fix for bug #44040 "sanitycheck.cgi dies if apostrophes in product, component, version,
8dd07cc3 · cyeh%bluemartini.com · 72c28615 · 8dd07cc3
Commit 8dd07cc3 authored Jun 29, 2000 by cyeh%bluemartini.com
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

sanitycheck.cgi sanitycheck.cgi +3 -3

No files found.
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -188,7 +188,7 @@ while (@row = FetchSQLData()) {

 foreach my $ref (@checklist) {
    my ($product, $version) = (@$ref);
-    SendSQL("select count(*) from versions where program = '$product' and value = '$version'");
+    SendSQL("select count(*) from versions where program = " . SqlQuote($product) . " and value = " . SqlQuote($version));
    if (FetchOneColumn() != 1) {
        Alert("Bug(s) found with invalid product/version: $product/$version");
    }
@@ -206,7 +206,7 @@ while (@row = FetchSQLData()) {

 foreach my $ref (@checklist) {
    my ($product, $milestone) = (@$ref);
-    SendSQL("SELECT count(*) FROM milestones WHERE product = '$product' AND value = '$milestone'");
+    SendSQL("SELECT count(*) FROM milestones WHERE product = " . SqlQuote($product) . " AND value = " . SqlQuote($milestone));
    if(FetchOneColumn() != 1) {
        Alert("Bug(s) found with invalud product/milestone: $product/$milestone");
    }
@@ -225,7 +225,7 @@ while (@row = FetchSQLData()) {

 foreach my $ref (@checklist) {
    my ($product, $component) = (@$ref);
-    SendSQL("select count(*) from components where program = '$product' and value = '$component'");
+    SendSQL("select count(*) from components where program = " . SqlQuote($product) . " and value = " . SqlQuote($component));
    if (FetchOneColumn() != 1) {
        Alert("Bug(s) found with invalid product/component: $product/$component");
    }