Commit fd32a1a3 authored by Frédéric Buclin

Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field

r=dkl a=sgreen
parent fc5aae40
...@@ -269,9 +269,23 @@ sub multipart_start { ...@@ -269,9 +269,23 @@ sub multipart_start {
$headers .= "Set-Cookie: ${cookie}${CGI::CRLF}"; $headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
} }
$headers .= $CGI::CRLF; $headers .= $CGI::CRLF;
$self->{_multipart_in_progress} = 1;
return $headers; return $headers;
} }
sub close_standby_message {
my ($self, $contenttype, $disp, $disp_prefix, $extension) = @_;
$self->set_dated_content_disp($disp, $disp_prefix, $extension);
if ($self->{_multipart_in_progress}) {
print $self->multipart_end();
print $self->multipart_start(-type => $contenttype);
}
else {
print $self->header($contenttype);
}
}
# Override header so we can add the cookies in # Override header so we can add the cookies in
sub header { sub header {
my $self = shift; my $self = shift;
...@@ -665,6 +679,15 @@ instead of calling this directly. ...@@ -665,6 +679,15 @@ instead of calling this directly.
Redirects from the current URL to one prefixed by the urlbase parameter. Redirects from the current URL to one prefixed by the urlbase parameter.
=item C<multipart_start>
Starts a new part of the multipart document using the specified MIME type.
If not specified, text/html is assumed.
=item C<close_standby_message>
Ends a part of the multipart document, and starts another part.
=item C<set_dated_content_disp> =item C<set_dated_content_disp>
Sets an appropriate date-dependent value for the Content Disposition header Sets an appropriate date-dependent value for the Content Disposition header
...@@ -688,8 +711,6 @@ L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie> ...@@ -688,8 +711,6 @@ L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>
=item should_set =item should_set
=item multipart_start
=item redirect_search_url =item redirect_search_url
=item param =item param
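Review bot: The new POD entry for `close_standby_message` covers only the multipart case and omits its arguments, although when `_multipart_in_progress` is unset the sub prints a plain `header($contenttype)` instead, and in both cases it first calls `set_dated_content_disp`. I would head the entry `=item C<close_standby_message($contenttype, $disp, $disp_prefix, $extension)>` and add a sentence saying it falls back to a normal header when no multipart document is open. Separately, nothing in the visible hunks resets the flag that `multipart_start` sets; if `multipart_final` (outside this view) does not clear it, a later call on the same object would still take the multipart branch, so that is worth confirming.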
......
...@@ -94,8 +94,10 @@ sub _throw_error { ...@@ -94,8 +94,10 @@ sub _throw_error {
message => \$message }); message => \$message });
if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) { if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
print Bugzilla->cgi->header(); my $cgi = Bugzilla->cgi;
$cgi->close_standby_message('text/html', 'inline', 'error', 'html');
print $message; print $message;
print $cgi->multipart_final() if $cgi->{_multipart_in_progress};
} }
elsif (Bugzilla->error_mode == ERROR_MODE_TEST) { elsif (Bugzilla->error_mode == ERROR_MODE_TEST) {
die Dumper($vars); die Dumper($vars);
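Review bot: `_throw_error` reads `$cgi->{_multipart_in_progress}` directly, which ties the error module to a private hash key of the CGI subclass. The decision to print `multipart_final()` would sit better behind a method on the CGI class, next to `close_standby_message`, so the flag has one owner. The call to `close_standby_message('text/html', 'inline', 'error', 'html')` also runs `set_dated_content_disp` for every web-page error, not only those raised during a server-push response, and deserves a comment such as `# Close any "please wait" part so the error page is sent as its own part.` The body of `_throw_error` begins and continues outside this hunk.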
......
...@@ -1997,11 +1997,18 @@ sub _quote_unless_numeric { ...@@ -1997,11 +1997,18 @@ sub _quote_unless_numeric {
my $numeric_field = $self->_chart_fields->{$field}->is_numeric; my $numeric_field = $self->_chart_fields->{$field}->is_numeric;
my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0; my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0;
my $is_numeric = $numeric_operator && $numeric_field && $numeric_value; my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
# These operators are really numeric operators with numeric fields.
$numeric_operator = grep { $_ eq $operator } keys SIMPLE_OPERATORS;
if ($is_numeric) { if ($is_numeric) {
my $quoted = $value; my $quoted = $value;
trick_taint($quoted); trick_taint($quoted);
return $quoted; return $quoted;
} }
elsif ($numeric_field && !$numeric_value && $numeric_operator) {
ThrowUserError('number_not_numeric', { field => $field, num => $value });
}
return Bugzilla->dbh->quote($value); return Bugzilla->dbh->quote($value);
} }
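Review bot: `$numeric_operator` is reassigned with a different meaning after `$is_numeric` has already been computed from its earlier value, so the unquoted-return branch and the new `elsif` silently test two different things. Because `$is_numeric` decides whether the value reaches SQL without `dbh->quote`, an innocent reordering of these lines would change which values skip quoting. A separate variable makes that explicit: `my $simple_operator = exists SIMPLE_OPERATORS->{$operator};` and `elsif ($numeric_field && !$numeric_value && $simple_operator) {`. This assumes SIMPLE_OPERATORS is a hash-reference constant defined outside the hunk; if so, `keys SIMPLE_OPERATORS` also relies on applying `keys` to a reference, which not every Perl version accepts. The start of `_quote_unless_numeric` is outside this hunk.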
......
...@@ -279,22 +279,6 @@ sub GetGroups { ...@@ -279,22 +279,6 @@ sub GetGroups {
return [values %legal_groups]; return [values %legal_groups];
} }
sub _close_standby_message {
my ($contenttype, $disp, $disp_prefix, $extension, $serverpush) = @_;
my $cgi = Bugzilla->cgi;
$cgi->set_dated_content_disp($disp, $disp_prefix, $extension);
# Close the "please wait" page, then open the buglist page
if ($serverpush) {
print $cgi->multipart_end();
print $cgi->multipart_start(-type => $contenttype);
}
else {
print $cgi->header($contenttype);
}
}
################################################################################ ################################################################################
# Command Execution # Command Execution
################################################################################ ################################################################################
...@@ -949,8 +933,6 @@ elsif (my @component_input = $cgi->param('component')) { ...@@ -949,8 +933,6 @@ elsif (my @component_input = $cgi->param('component')) {
# The following variables are used when the user is making changes to multiple bugs. # The following variables are used when the user is making changes to multiple bugs.
if ($dotweak && scalar @bugs) { if ($dotweak && scalar @bugs) {
if (!$vars->{'caneditbugs'}) { if (!$vars->{'caneditbugs'}) {
_close_standby_message('text/html',
'inline', "error", "html", $serverpush);
ThrowUserError('auth_failure', {group => 'editbugs', ThrowUserError('auth_failure', {group => 'editbugs',
action => 'modify', action => 'modify',
object => 'multiple_bugs'}); object => 'multiple_bugs'});
...@@ -1057,8 +1039,7 @@ if ($format->{'extension'} eq "csv") { ...@@ -1057,8 +1039,7 @@ if ($format->{'extension'} eq "csv") {
$vars->{'human'} = $cgi->param('human'); $vars->{'human'} = $cgi->param('human');
} }
_close_standby_message($contenttype, $disposition, $disp_prefix, $cgi->close_standby_message($contenttype, $disposition, $disp_prefix, $format->{'extension'});
$format->{'extension'}, $serverpush);
################################################################################ ################################################################################
# Content Generation # Content Generation
......