Commit fcf2c1a1 authored by kiko%async.com.br's avatar kiko%async.com.br

Fix for bug 238865-v1: remove %FORM from page.cgi. Does so, fixing the

linked page template and adding a code error for the "bad id provided" case. r=vladd, a=myk.
parent 4d1ced8f
......@@ -42,14 +42,19 @@ Bugzilla->login();
my $cgi = Bugzilla->cgi;
if ($::FORM{'id'}) {
my $id = $cgi->param('id');
if ($id) {
# Remove all dodgy chars, and split into name and ctype.
$::FORM{'id'} =~ s/[^\w\-\.]//g;
$::FORM{'id'} =~ /(.*)\.(.*)/;
$id =~ s/[^\w\-\.]//g;
$id =~ /(.*)\.(.*)/;
if (!$2) {
# if this regexp fails to match completely, something bad came in
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
}
my $format = GetFormat("pages/$1", undef, $2);
$vars->{'form'} = \%::FORM;
$cgi->param('id', $id);
print $cgi->header($format->{'ctype'});
......
......@@ -56,6 +56,11 @@
[% ELSIF error == "authres_unhandled" %]
An authorization handler return value was not handled by the login code.
[% ELSIF error == "bad_page_cgi_id" %]
[% title = "Invalid Page ID" %]
The ID <code>[% page_id FILTER html %]</code> is not a
valid page identifier.
[% ELSIF error == "bug_error" %]
Trying to retrieve [% terms.bug %] [%+ bug.bug_id FILTER html %] returned
the error [% bug.error FILTER html %].
......
......@@ -21,6 +21,8 @@
#%]
[% INCLUDE global/header.html.tmpl title = "Your Linkified Text" %]
[% USE Bugzilla %]
[% cgi = Bugzilla.cgi %]
<p>
Copy and paste the text below:
......@@ -30,7 +32,7 @@
<p>
<pre>
[%- form.text FILTER quoteUrls FILTER html -%]
[%- cgi.param("text") FILTER quoteUrls FILTER html -%]
</pre>
</p>
......@@ -45,7 +47,7 @@
<p>
<pre>
[%- form.text FILTER quoteUrls -%]
[%- cgi.param("text") FILTER quoteUrls -%]
</pre>
</p>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment