aboutsummaryrefslogtreecommitdiffstats
path: root/duplicates.cgi
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2003-04-25 03:49:27 +0000
committerjustdave%syndicomm.com <>2003-04-25 03:49:27 +0000
commit29021b187f042f023584dd3986c086ca68bef0a2 (patch)
treed6c1c7c114ffe92462ef4f1817c6a87f18e4141c /duplicates.cgi
parent2fac94504175f4964ad254f07e184e00e10eef08 (diff)
downloadbugs-29021b187f042f023584dd3986c086ca68bef0a2.tar
bugs-29021b187f042f023584dd3986c086ca68bef0a2.tar.gz
bugs-29021b187f042f023584dd3986c086ca68bef0a2.tar.bz2
bugs-29021b187f042f023584dd3986c086ca68bef0a2.tar.xz
bugs-29021b187f042f023584dd3986c086ca68bef0a2.zip
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it. Patch by Gervase Markham <gerv@mozilla.org> r= myk, bbaetz, justdave a= justdave
Diffstat (limited to 'duplicates.cgi')
-rwxr-xr-xduplicates.cgi10
1 files changed, 8 insertions, 2 deletions
diff --git a/duplicates.cgi b/duplicates.cgi
index 1a3c08a9f..64a3f7ab3 100755
--- a/duplicates.cgi
+++ b/duplicates.cgi
@@ -74,7 +74,7 @@ my $sortby = formvalue("sortby");
my $changedsince = formvalue("changedsince", 7);
my $maxrows = formvalue("maxrows", 100);
my $openonly = formvalue("openonly");
-my $reverse = formvalue("reverse");
+my $reverse = formvalue("reverse") ? 1 : 0;
my $product = formvalue("product");
my $sortvisible = formvalue("sortvisible");
my @buglist = (split(/[:,]/, formvalue("bug_id")));
@@ -159,8 +159,14 @@ if (!tie(%before, 'AnyDBM_File', "data/duplicates/dupes$whenever",
$dobefore = 1;
}
+my $origmaxrows = $maxrows;
detaint_natural($maxrows)
- || ThrowUserError("invalid_maxrows", { maxrows => $maxrows});
+ || ThrowUserError("invalid_maxrows", { maxrows => $origmaxrows});
+
+my $origchangedsince = $changedsince;
+detaint_natural($changedsince)
+ || ThrowUserError("invalid_changedsince",
+ { changedsince => $origchangedsince });
my @bugs;
my @bug_ids;