-rw-r--r-- | CGI.pl | 13 | ||||
-rwxr-xr-x | attachment.cgi | 2 | ||||
-rwxr-xr-x | post_bug.cgi | 2 | ||||
-rwxr-xr-x | process_bug.cgi | 2 |
4 files changed, 19 insertions, 0 deletions
@@ -324,6 +324,19 @@ sub ValidateBugID {
 }
+
+sub ValidateComment {
+ # Make sure a comment is not too large (greater than 64K).
+
+ my ($comment) = @_;
+
+ if (defined($comment) && length($comment) > 65535) {
+ DisplayError("Comments cannot be longer than 65,535 characters.");
+ exit;
+ }
+}
+
+
 # check and see if a given string actually represents a positive
 # integer, and abort if not.
 #
diff --git a/attachment.cgi b/attachment.cgi
index 32b4ef461..66c3236a7 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -77,6 +77,7 @@ elsif ($action eq "insert")
 {
 confirm_login();
 ValidateBugID($::FORM{'bugid'});
+ ValidateComment($::FORM{'comment'});
 validateFilename();
 validateData();
 validateDescription();
@@ -95,6 +96,7 @@ elsif ($action eq "edit")
 elsif ($action eq "update")
 {
 confirm_login();
+ ValidateComment($::FORM{'comment'});
 validateID();
 validateCanEdit($::FORM{'id'});
 validateDescription();
diff --git a/post_bug.cgi b/post_bug.cgi
index 0ae44d32f..58048ef7e 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -49,6 +49,8 @@ sub sillyness {
 confirm_login();
+ValidateComment($::FORM{'comment'});
+
 my $cookiepath = Param("cookiepath");
 print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
 print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
diff --git a/process_bug.cgi b/process_bug.cgi
index f2abb0390..fb3c0e482 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -92,6 +92,8 @@ if (defined $::FORM{'dup_id'} && $::FORM{'knob'} eq "duplicate") {
 DuplicateUserConfirm();
 }
+ValidateComment($::FORM{'comment'});
+
 ######################################################################
 # End Data/Security Validation
 ###################################################################### |
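Review bot: In the CGI.pl hunk, `ValidateComment` measures the limit with `length($comment)`, which counts characters on a decoded string and bytes otherwise, and nothing in the new sub says which unit the 65,535 bound is meant in. If the bound mirrors a byte-sized storage limit (not visible in this hunk), multi-byte input could pass the check and still be too large for storage, so the header comment should name the unit and the reason, for example `# Limit is 65,535 as counted by length() on the submitted value; TODO confirm it matches what the comment storage accepts.` The existing comment also says "greater than 64K" while the test accepts exactly 65,535. The number appears in both the test and the error text, so a single named constant would keep the two from drifting.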
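Review bot: The length limit is enforced only where a script remembers to call `ValidateComment`; the attachment.cgi hunks (`insert` and `update` branches), the post_bug.cgi hunk and the process_bug.cgi hunk each add their own call. Any other path that stores a comment is not covered by this commit, and whether one exists cannot be seen from these hunks; enforcing the limit in the shared routine that writes the comment would close that gap in one place. If the per-script calls stay, document the contract at the definition, e.g. `# Every script that accepts $::FORM{'comment'} must call this before storing it.` In attachment.cgi the `update` branch runs the check before `validateID()` and `validateCanEdit()`, while `insert` runs it after `ValidateBugID()`; the order looks harmless but is inconsistent between the two branches.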