author | justdave%syndicomm.com <> | 2001-08-25 00:32:24 +0000 |
committer | justdave%syndicomm.com <> | 2001-08-25 00:32:24 +0000 |
commit | 549954949a402ba5bc84cfb83cda3d62a8e1a887 (patch) | |
tree | 64ac2ddb9c40844739db9ae9583cdbf41af9aa9b | |
parent | 0fb6fdfab23fa6e82bce48af1b4872b0b5203425 (diff) | |
Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first.
Patch by Gavin Shelley <gavins@iplbath.com>
r= justdave@syndicomm.com
-rwxr-xr-x | buglist.cgi | 14 | ||||
-rwxr-xr-x | process_bug.cgi | 3 |
2 files changed, 11 insertions, 6 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 0f6dbed41..2b2a394bf 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -85,7 +85,7 @@ sub SqlifyDate {
 }
 my $date = str2time($str);
 if (!defined $date) {
- PuntTryAgain("The string '<tt>$str</tt>' is not a legal date.");
+ PuntTryAgain("The string '<tt>".html_quote($str)."</tt>' is not a legal date.");
 }
 return time2str("%Y/%m/%d %H:%M:%S", $date);
 }
@@ -172,7 +172,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'At least ___ votes' field must be a\n" .
- "simple number. You entered \"$c\", which\n" .
+ "simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["votes", "greaterthan", $c - 1]);
@@ -250,7 +251,8 @@ sub GenerateSQL {
 push(@specialchart, \@clist);
 } else {
 return Error("You must specify one or more fields in which to\n" .
- "search for <tt>$email</tt>.\n");
+ "search for <tt>" .
+ html_quote($email) . "</tt>.\n");
 }
 }
@@ -260,7 +262,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'changed in last ___ days' field must be\n" .
- "a simple number. You entered \"$c\", which\n" .
+ "a simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["changedin",
@@ -428,7 +431,8 @@ sub GenerateSQL {
 if ($id) {
 push(@list, "$table.keywordid = $id");
 } else {
- return Error("Unknown keyword named <code>$v</code>.\n" .
+ return Error("Unknown keyword named <code>" .
+ html_quote($v) . "</code>.\n" .
 "<P>The legal keyword names are\n" .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>.\n");
diff --git a/process_bug.cgi b/process_bug.cgi
index 82e9cb988..53ec8d9da 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
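Review bot: The rewritten PuntTryAgain line in the SqlifyDate hunk concatenates without spaces around the `.` operator (`"<tt>".html_quote($str)."</tt>'`), while every other hunk in this commit writes the same construction as ` . html_quote($c) . `; for consistency it would read `PuntTryAgain("The string '<tt>" . html_quote($str) . "</tt>' is not a legal date.");`. SqlifyDate begins before the hunk, so where `$str` originates is not visible here.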
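Review bot: In the `-172,7 +172,8` hunk the guard `if ($c !~ /^[0-9]*$/)` on the context line above the rewritten Error call is looser than its error text claims: `$` matches before a trailing newline, so a value such as `"12\n"` passes, and `*` only excludes the empty string because of the `$c ne ""` test just above it. In this hunk the value is then used numerically (`$c - 1`), so the effect is limited, but the same pattern in the `-260,7 +262,8` hunk pushes `$c` into @specialchart unchanged, where a whole-string check matters more. A tighter form for both is `if ($c !~ /\A[0-9]+\z/) {`. GenerateSQL continues outside both hunks, so what consumes @specialchart is not visible here.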
@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
 }
 my $i = GetKeywordIdFromName($keyword);
 if (!$i) {
- PuntTryAgain("Unknown keyword named <code>$keyword</code>. " .
+ PuntTryAgain("Unknown keyword named <code>" .
+ html_quote($keyword) . "</code>. " .
 "<P>The legal keyword names are " .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>.");