Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field

r=dkl a=sgreen

Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field
fd32a1a3 · Frédéric Buclin · fc5aae40 · fd32a1a3 · fd32a1a3 · fd32a1a3
Commit fd32a1a3 authored Jan 03, 2014 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 23 deletions

CGI.pm Bugzilla/CGI.pm +23 -2

Error.pm Bugzilla/Error.pm +3 -1

Search.pm Bugzilla/Search.pm +7 -0

buglist.cgi buglist.cgi +1 -20

No files found.
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -269,9 +269,23 @@ sub multipart_start {
        $headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
    }
    $headers .= $CGI::CRLF;
+    $self->{_multipart_in_progress} = 1;
    return $headers;
 }

+sub close_standby_message {
+    my ($self, $contenttype, $disp, $disp_prefix, $extension) = @_;
+    $self->set_dated_content_disp($disp, $disp_prefix, $extension);
+
+    if ($self->{_multipart_in_progress}) {
+        print $self->multipart_end();
+        print $self->multipart_start(-type => $contenttype);
+    }
+    else {
+        print $self->header($contenttype);
+    }
+}
+
 # Override header so we can add the cookies in
 sub header {
    my $self = shift;
@@ -665,6 +679,15 @@ instead of calling this directly.

 Redirects from the current URL to one prefixed by the urlbase parameter.

+=item C<multipart_start>
+
+Starts a new part of the multipart document using the specified MIME type.
+If not specified, text/html is assumed.
+
+=item C<close_standby_message>
+
+Ends a part of the multipart document, and starts another part.
+
 =item C<set_dated_content_disp>

 Sets an appropriate date-dependent value for the Content Disposition header
@@ -688,8 +711,6 @@ L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>

 =item should_set

-=item multipart_start
-
 =item redirect_search_url

 =item param

--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -94,8 +94,10 @@ sub _throw_error {
                                             message => \$message });

    if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
-        print Bugzilla->cgi->header();
+        my $cgi = Bugzilla->cgi;
+        $cgi->close_standby_message('text/html', 'inline', 'error', 'html');
        print $message;
+        print $cgi->multipart_final() if $cgi->{_multipart_in_progress};
    }
    elsif (Bugzilla->error_mode == ERROR_MODE_TEST) {
        die Dumper($vars);

--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -1997,11 +1997,18 @@ sub _quote_unless_numeric {
    my $numeric_field = $self->_chart_fields->{$field}->is_numeric;
    my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0;
    my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
+
+    # These operators are really numeric operators with numeric fields.
+    $numeric_operator = grep { $_ eq $operator } keys SIMPLE_OPERATORS;
+
    if ($is_numeric) {
        my $quoted = $value;
        trick_taint($quoted);
        return $quoted;
    }
+    elsif ($numeric_field && !$numeric_value && $numeric_operator) {
+        ThrowUserError('number_not_numeric', { field => $field, num => $value });
+    }
    return Bugzilla->dbh->quote($value);
 }


--- a/buglist.cgi
+++ b/buglist.cgi
@@ -279,22 +279,6 @@ sub GetGroups {
    return [values %legal_groups];
 }

-sub _close_standby_message {
-    my ($contenttype, $disp, $disp_prefix, $extension, $serverpush) = @_;
-    my $cgi = Bugzilla->cgi;
-    $cgi->set_dated_content_disp($disp, $disp_prefix, $extension);
-    
-    # Close the "please wait" page, then open the buglist page
-    if ($serverpush) {
-        print $cgi->multipart_end();
-        print $cgi->multipart_start(-type => $contenttype);
-    }
-    else {
-        print $cgi->header($contenttype);
-    }
-}
-
-
 ################################################################################
 # Command Execution
 ################################################################################
@@ -949,8 +933,6 @@ elsif (my @component_input = $cgi->param('component')) {
 # The following variables are used when the user is making changes to multiple bugs.
 if ($dotweak && scalar @bugs) {
    if (!$vars->{'caneditbugs'}) {
-        _close_standby_message('text/html', 
-                               'inline', "error", "html", $serverpush);
        ThrowUserError('auth_failure', {group  => 'editbugs',
                                        action => 'modify',
                                        object => 'multiple_bugs'});
@@ -1057,8 +1039,7 @@ if ($format->{'extension'} eq "csv") {
    $vars->{'human'} = $cgi->param('human');
 }

-_close_standby_message($contenttype, $disposition, $disp_prefix, 
-                       $format->{'extension'}, $serverpush);
+$cgi->close_standby_message($contenttype, $disposition, $disp_prefix, $format->{'extension'});

 ################################################################################
 # Content Generation