authorjustdave%syndicomm.com <>2001-08-25 00:32:24 +0000
committerjustdave%syndicomm.com <>2001-08-25 00:32:24 +0000
commit549954949a402ba5bc84cfb83cda3d62a8e1a887 (patch)
tree64ac2ddb9c40844739db9ae9583cdbf41af9aa9b
parent0fb6fdfab23fa6e82bce48af1b4872b0b5203425 (diff)
Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first.
Patch by Gavin Shelley <gavins@iplbath.com> r= justdave@syndicomm.com
-rwxr-xr-xbuglist.cgi14
-rwxr-xr-xprocess_bug.cgi3
2 files changed, 11 insertions, 6 deletions
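diff --git a/buglist.cgi b/buglist.cgi
index 0f6dbed41..2b2a394bf 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -85,7 +85,7 @@ sub SqlifyDate {
 }
 my $date = str2time($str);
 if (!defined $date) {
- PuntTryAgain("The string '<tt>$str</tt>' is not a legal date.");
+ PuntTryAgain("The string '<tt>".html_quote($str)."</tt>' is not a legal date.");
 }
 return time2str("%Y/%m/%d %H:%M:%S", $date);
 }
@@ -172,7 +172,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'At least ___ votes' field must be a\n" .
- "simple number. You entered \"$c\", which\n" .
+ "simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["votes", "greaterthan", $c - 1]);
@@ -250,7 +251,8 @@ sub GenerateSQL {
 push(@specialchart, \@clist);
 } else {
 return Error("You must specify one or more fields in which to\n" .
- "search for <tt>$email</tt>.\n");
+ "search for <tt>" .
+ html_quote($email) . "</tt>.\n");
 }
 }
@@ -260,7 +262,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'changed in last ___ days' field must be\n" .
- "a simple number. You entered \"$c\", which\n" .
+ "a simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["changedin",
@@ -428,7 +431,8 @@ sub GenerateSQL {
 if ($id) {
 push(@list, "$table.keywordid = $id");
 } else {
- return Error("Unknown keyword named <code>$v</code>.\n" .
+ return Error("Unknown keyword named <code>" .
+ html_quote($v) . "</code>.\n" .
 "<P>The legal keyword names are\n" .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>.\n");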
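Review bot: The escaping is applied one call site at a time rather than at the point where the message is rendered, so every other Error() or PuntTryAgain() call that interpolates a form value (the same pattern is touched in all five hunks of this file and in the process_bug.cgi hunk) remains correct only as long as each future author remembers html_quote(); nothing in the new code makes that invariant visible. Since these messages deliberately carry markup such as `<tt>` and `<code>`, the sinks presumably cannot escape their whole argument, so the invariant belongs in a comment near the top of GenerateSQL, e.g. `# Any user-supplied value embedded in an Error() message must go through html_quote() first.`. The numeric guards on the context lines, `if ($c !~ /^[0-9]*$/)`, still accept a trailing newline because `$` matches before a final "\n"; `\z` would be tighter, though that line is not part of this change. SqlifyDate and GenerateSQL both begin and end outside these hunks.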
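diff --git a/process_bug.cgi b/process_bug.cgi
index 82e9cb988..53ec8d9da 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
 }
 my $i = GetKeywordIdFromName($keyword);
 if (!$i) {
- PuntTryAgain("Unknown keyword named <code>$keyword</code>. " .
+ PuntTryAgain("Unknown keyword named <code>" .
+ html_quote($keyword) . "</code>. " .
 "<P>The legal keyword names are " .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>.");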