aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2016-03-09 23:06:28 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2016-03-09 23:06:28 +0100
commiteb323eb6db292aa9fb705ceaff9c94b3a7a74c4d (patch)
treecad3064d2af051f59066b86ace9326bba218a0b2
parent458aca660809144eb9b2c3d84cff103d00dac7c2 (diff)
downloadbugs-eb323eb6db292aa9fb705ceaff9c94b3a7a74c4d.tar
bugs-eb323eb6db292aa9fb705ceaff9c94b3a7a74c4d.tar.gz
bugs-eb323eb6db292aa9fb705ceaff9c94b3a7a74c4d.tar.bz2
bugs-eb323eb6db292aa9fb705ceaff9c94b3a7a74c4d.tar.xz
bugs-eb323eb6db292aa9fb705ceaff9c94b3a7a74c4d.zip
Bug 1234977: Replace \d+ by [0-9]+ in critical validation places
r=dylan a=dkl
-rw-r--r--Bugzilla/Bug.pm14
-rw-r--r--Bugzilla/DB/Schema/Mysql.pm2
-rw-r--r--Bugzilla/Template.pm16
-rw-r--r--Bugzilla/Util.pm4
-rwxr-xr-xprocess_bug.cgi7
5 files changed, 22 insertions, 21 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 34bf95ff7..8b4493f85 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -305,15 +305,15 @@ sub new {
my $param = shift;
# Remove leading "#" mark if we've just been passed an id.
- if (!ref $param && $param =~ /^#(\d+)$/) {
+ if (!ref $param && $param =~ /^#([0-9]+)$/) {
$param = $1;
}
# If we get something that looks like a word (not a number),
# make it the "name" param.
if (!defined $param
- || (!ref($param) && $param !~ /^\d+$/)
- || (ref($param) && $param->{id} !~ /^\d+$/))
+ || (!ref($param) && $param !~ /^[0-9]+$/)
+ || (ref($param) && $param->{id} !~ /^[0-9]+$/))
{
if ($param) {
my $alias = ref($param) ? $param->{id} : $param;
@@ -556,15 +556,15 @@ sub _extract_bug_ids {
my $s = $comment->already_wrapped ? qr/\s/ : qr/\h/;
my $text = $comment->body;
# Full bug links
- push @bug_ids, $text =~ /\b$urlbase_re\Qshow_bug.cgi?id=\E(\d+)(?:\#c\d+)?/g;
+ push @bug_ids, $text =~ /\b$urlbase_re\Qshow_bug.cgi?id=\E([0-9]+)(?:\#c[0-9]+)?/g;
# bug X
- my $bug_re = qr/\Q$bug_word\E$s*\#?$s*(\d+)/i;
+ my $bug_re = qr/\Q$bug_word\E$s*\#?$s*([0-9]+)/i;
push @bug_ids, $text =~ /\b$bug_re/g;
# bugs X, Y, Z
- my $bugs_re = qr/\Q$bugs_word\E$s*\#?$s*(\d+)(?:$s*,$s*\#?$s*(\d+))+/i;
+ my $bugs_re = qr/\Q$bugs_word\E$s*\#?$s*([0-9]+)(?:$s*,$s*\#?$s*([0-9]+))+/i;
push @bug_ids, $text =~ /\b$bugs_re/g;
# Old duplicate markers
- push @bug_ids, $text =~ /(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )(\d+)(?=\ \*\*\*\Z)/;
+ push @bug_ids, $text =~ /(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )([0-9]+)(?=\ \*\*\*\Z)/;
}
# Make sure to filter invalid bug IDs.
@bug_ids = grep { $_ < MAX_INT_32 } @bug_ids;
diff --git a/Bugzilla/DB/Schema/Mysql.pm b/Bugzilla/DB/Schema/Mysql.pm
index 0195fcb06..7ff8ade9f 100644
--- a/Bugzilla/DB/Schema/Mysql.pm
+++ b/Bugzilla/DB/Schema/Mysql.pm
@@ -316,7 +316,7 @@ sub column_info_to_column {
$default = 0 if $default =~ /^0\.0+$/;
# If we're not a number, we're a string and need to be
# quoted.
- $default = $dbh->quote($default) if !($default =~ /^(-)?(\d+)(.\d+)?$/);
+ $default = $dbh->quote($default) if !($default =~ /^(-)?([0-9]+)(\.[0-9]+)?$/);
$column->{DEFAULT} = $default;
}
}
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index ce027171b..8104f6f1f 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -232,7 +232,7 @@ sub quoteUrls {
~<a href=\"mailto:$2\">$1$2</a>~igx;
# attachment links
- $text =~ s~\b(attachment$s*\#?$s*(\d+)(?:$s+\[details\])?)
+ $text =~ s~\b(attachment$s*\#?$s*([0-9]+)(?:$s+\[details\])?)
~($things[$count++] = get_attachment_link($2, $1, $user)) &&
("\x{FDD2}" . ($count-1) . "\x{FDD3}")
~egmxi;
@@ -245,9 +245,9 @@ sub quoteUrls {
# Also, we can't use $bug_re?$comment_re? because that will match the
# empty string
my $bug_word = template_var('terms')->{bug};
- my $bug_re = qr/\Q$bug_word\E$s*\#?$s*(\d+)/i;
+ my $bug_re = qr/\Q$bug_word\E$s*\#?$s*([0-9]+)/i;
my $comment_word = template_var('terms')->{comment};
- my $comment_re = qr/(?:\Q$comment_word\E|comment)$s*\#?$s*(\d+)/i;
+ my $comment_re = qr/(?:\Q$comment_word\E|comment)$s*\#?$s*([0-9]+)/i;
$text =~ s~\b($bug_re(?:$s*,?$s*$comment_re)?|$comment_re)
~ # We have several choices. $1 here is the link, and $2-4 are set
# depending on which part matched
@@ -261,29 +261,29 @@ sub quoteUrls {
my $bugs_word = template_var('terms')->{bugs};
my $bugs_re = qr/\Q$bugs_word\E$s*\#?$s*
- \d+(?:$s*,$s*\#?$s*\d+)+/ix;
+ [0-9]+(?:$s*,$s*\#?$s*[0-9]+)+/ix;
$text =~ s{($bugs_re)}{
my $match = $1;
- $match =~ s/((?:#$s*)?(\d+))/get_bug_link($2, $1);/eg;
+ $match =~ s/((?:#$s*)?([0-9]+))/get_bug_link($2, $1);/eg;
$match;
}eg;
my $comments_word = template_var('terms')->{comments};
my $comments_re = qr/(?:comments|\Q$comments_word\E)$s*\#?$s*
- \d+(?:$s*,$s*\#?$s*\d+)+/ix;
+ [0-9]+(?:$s*,$s*\#?$s*[0-9]+)+/ix;
$text =~ s{($comments_re)}{
my $match = $1;
- $match =~ s|((?:#$s*)?(\d+))|<a href="$current_bugurl#c$2">$1</a>|g;
+ $match =~ s|((?:#$s*)?([0-9]+))|<a href="$current_bugurl#c$2">$1</a>|g;
$match;
}eg;
# Old duplicate markers. These don't use $bug_word because they are old
# and were never customizable.
$text =~ s~(?<=^\*\*\*\ This\ bug\ has\ been\ marked\ as\ a\ duplicate\ of\ )
- (\d+)
+ ([0-9]+)
(?=\ \*\*\*\Z)
~get_bug_link($1, $1, { user => $user })
~egmx;
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 037b38648..bbf4261ca 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -49,13 +49,13 @@ sub trick_taint {
}
sub detaint_natural {
- my $match = $_[0] =~ /^(\d+)$/;
+ my $match = $_[0] =~ /^([0-9]+)$/;
$_[0] = $match ? int($1) : undef;
return (defined($_[0]));
}
sub detaint_signed {
- my $match = $_[0] =~ /^([-+]?\d+)$/;
+ my $match = $_[0] =~ /^([-+]?[0-9]+)$/;
# The "int()" call removes any leading plus sign.
$_[0] = $match ? int($1) : undef;
return (defined($_[0]));
diff --git a/process_bug.cgi b/process_bug.cgi
index 216dfbf1b..0b0ecd64e 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -305,9 +305,10 @@ if (defined $cgi->param('id')) {
my %is_private;
foreach my $field (grep(/^defined_isprivate/, $cgi->param())) {
- $field =~ /(\d+)$/;
- my $comment_id = $1;
- $is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
+ if ($field =~ /(\d+)$/) {
+ my $comment_id = $1;
+ $is_private{$comment_id} = $cgi->param("isprivate_$comment_id");
+ }
}
$set_all_fields{comment_is_private} = \%is_private;