Skip to content

bugzilla
bugzilla
Commit 91225228 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones -…

Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones - Patch by Peter D. Stout <pds@edgedynamics.com> r=LpSolit a=justdave
parent e51425da
Show whitespace changes
Inline Side-by-side
Showing with 40 additions and 18 deletions
Bugzilla/Util.pm
View file @ 91225228
...@@ -30,6 +30,7 @@ use strict; ...@@ -30,6 +30,7 @@ use strict;
use base qw(Exporter); use base qw(Exporter);
@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural @Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
detaint_signed
html_quote url_quote value_quote xml_quote html_quote url_quote value_quote xml_quote
css_class_quote css_class_quote
lsearch max min lsearch max min
...@@ -69,6 +70,16 @@ sub detaint_natural { ...@@ -69,6 +70,16 @@ sub detaint_natural {
return (defined($_[0])); return (defined($_[0]));
} }
sub detaint_signed {
$_[0] =~ /^([-+]?\d+)$/;
$_[0] = $1;
# Remove any leading plus sign.
if (defined($_[0]) && $_[0] =~ /^\+(\d+)$/) {
$_[0] = $1;
}
return (defined($_[0]));
}
sub html_quote { sub html_quote {
my ($var) = (@_); my ($var) = (@_);
$var =~ s/\&/\&amp;/g; $var =~ s/\&/\&amp;/g;
...@@ -325,6 +336,7 @@ Bugzilla::Util - Generic utility functions for bugzilla ...@@ -325,6 +336,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
$rv = is_tainted($var); $rv = is_tainted($var);
trick_taint($var); trick_taint($var);
detaint_natural($var); detaint_natural($var);
detaint_signed($var);
# Functions for quoting # Functions for quoting
html_quote($var); html_quote($var);
...@@ -393,6 +405,12 @@ This routine detaints a natural number. It returns a true value if the ...@@ -393,6 +405,12 @@ This routine detaints a natural number. It returns a true value if the
value passed in was a valid natural number, else it returns false. You value passed in was a valid natural number, else it returns false. You
B<MUST> check the result of this routine to avoid security holes. B<MUST> check the result of this routine to avoid security holes.
=item C<detaint_signed($num)>
This routine detaints a signed integer. It returns a true value if the
value passed in was a valid signed integer, else it returns false. You
B<MUST> check the result of this routine to avoid security holes.
=back =back
=head2 Quoting =head2 Quoting
......
docs/xml/administration.xml
View file @ 91225228
...@@ -672,7 +672,7 @@ ...@@ -672,7 +672,7 @@
<listitem> <listitem>
<para>Enter the name of the Milestone in the "Milestone" field. You <para>Enter the name of the Milestone in the "Milestone" field. You
can optionally set the "sortkey", which is a positive or negative can optionally set the "sortkey", which is a positive or negative
number (-255 to 255) that defines where in the list this particular number (-32768 to 32767) that defines where in the list this particular
milestone appears. This is because milestones often do not milestone appears. This is because milestones often do not
occur in alphanumeric order For example, "Future" might be occur in alphanumeric order For example, "Future" might be
after "Release 1.2". Select "Add".</para> after "Release 1.2". Select "Add".</para>
......
editmilestones.cgi
View file @ 91225228
...@@ -116,6 +116,21 @@ sub CheckMilestone ($$) ...@@ -116,6 +116,21 @@ sub CheckMilestone ($$)
} }
} }
sub CheckSortkey ($$)
{
my ($milestone, $sortkey) = @_;
# Keep a copy in case detaint_signed() clears the sortkey
my $stored_sortkey = $sortkey;
if (!detaint_signed($sortkey) || $sortkey < -32768 || $sortkey > 32767) {
ThrowUserError('milestone_sortkey_invalid',
{'name' => $milestone,
'sortkey' => $stored_sortkey});
}
return $sortkey;
}
# #
# Preliminary checks: # Preliminary checks:
# #
...@@ -261,13 +276,8 @@ if ($action eq 'new') { ...@@ -261,13 +276,8 @@ if ($action eq 'new') {
{'name' => $milestone}); {'name' => $milestone});
} }
# Need to store in case detaint_natural() clears the sortkey $sortkey = CheckSortkey($milestone, $sortkey);
my $stored_sortkey = $sortkey;
if (!detaint_natural($sortkey)) {
ThrowUserError('milestone_sortkey_invalid',
{'name' => $milestone,
'sortkey' => $stored_sortkey});
}
if (TestMilestone($product, $milestone)) { if (TestMilestone($product, $milestone)) {
ThrowUserError('milestone_already_exists', ThrowUserError('milestone_already_exists',
{'name' => $milestone, {'name' => $milestone,
...@@ -453,15 +463,8 @@ if ($action eq 'update') { ...@@ -453,15 +463,8 @@ if ($action eq 'update') {
'milestones WRITE', 'milestones WRITE',
'products WRITE'); 'products WRITE');
# Need to store because detaint_natural() will delete this if if ($sortkey ne $sortkeyold) {
# invalid $sortkey = CheckSortkey($milestone, $sortkey);
my $stored_sortkey = $sortkey;
if ($sortkey != $sortkeyold) {
if (!detaint_natural($sortkey)) {
ThrowUserError('milestone_sortkey_invalid',
{'name' => $milestone,
'sortkey' => $stored_sortkey});
}
trick_taint($milestoneold); trick_taint($milestoneold);
......
template/en/default/global/user-error.html.tmpl
View file @ 91225228
...@@ -720,7 +720,8 @@ ...@@ -720,7 +720,8 @@
[% ELSIF error == "milestone_sortkey_invalid" %] [% ELSIF error == "milestone_sortkey_invalid" %]
[% title = "Invalid Milestone Sortkey" %] [% title = "Invalid Milestone Sortkey" %]
The sortkey '[% sortkey FILTER html %]' for milestone ' The sortkey '[% sortkey FILTER html %]' for milestone '
[% name FILTER html %]' is not a valid (positive) number. [% name FILTER html %]' is not in the range -32768 &le; sortkey
&le; 32767.
[% ELSIF error == "misarranged_dates" %] [% ELSIF error == "misarranged_dates" %]
[% title = "Misarranged Dates" %] [% title = "Misarranged Dates" %]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment