Bug 157092 – Implement a checking mechanism for invalid regexp

Bugzilla/DB.pm

@@ -383,6 +383,15 @@ sub bz_last_key {
                                  $table, $column);
 }
 
+sub bz_check_regexp {
+    my ($self, $pattern) = @_;
+
+    eval { $self->do("SELECT " . $self->sql_regexp($self->quote("a"), $pattern, 1)) };
+
+    $@ && ThrowUserError('illegal_regexp', 
+        { value => $pattern, dberror => $self->errstr }); 
+}
+
 #####################################################################
 # Database Setup
 #####################################################################

Bugzilla/DB/Mysql.pm

@@ -104,13 +104,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr REGEXP $pattern";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr NOT REGEXP $pattern";
 }

Bugzilla/DB/Oracle.pm

@@ -95,13 +95,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "REGEXP_LIKE($expr, $pattern)";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "NOT REGEXP_LIKE($expr, $pattern)" 
 }

Bugzilla/DB/Pg.pm

@@ -93,13 +93,17 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr ~* $pattern";
 }
 
 sub sql_not_regexp {
-    my ($self, $expr, $pattern) = @_;
+    my ($self, $expr, $pattern, $nocheck) = @_;
+
+    $self->bz_check_regexp($pattern) if !$nocheck;
 
     return "$expr !~* $pattern" 
 }

template/en/default/global/user-error.html.tmpl

@@ -783,6 +783,11 @@
     [% IF format %]
       Please use the format '<tt>[% format FILTER html %]</tt>'.
     [% END %]
+
+  [% ELSIF error == "illegal_regexp" %]
+    [% title = "Illegal Regular Expression" %]
+    The regular expression you provided [% value FILTER html %] is not valid.
+    The error was: [% dberror FILTER html %].
         
   [% ELSIF error == "insufficient_data_points" %]
     [% docslinks = {'reporting.html' => 'Reporting'} %]