Bug 543432: [PostgreSQL] Crash when typing a string in combination with a numeric field
r=dkl a=sgreen git-svn-id: svn://10.0.0.236/trunk@265162 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org
parent
2432aed10d
commit
71bc0fd474
@ -1 +1 @@
|
||||
8846
|
||||
8847
|
||||
@ -269,9 +269,23 @@ sub multipart_start {
|
||||
$headers .= "Set-Cookie: ${cookie}${CGI::CRLF}";
|
||||
}
|
||||
$headers .= $CGI::CRLF;
|
||||
$self->{_multipart_in_progress} = 1;
|
||||
return $headers;
|
||||
}
|
||||
|
||||
sub close_standby_message {
|
||||
my ($self, $contenttype, $disp, $disp_prefix, $extension) = @_;
|
||||
$self->set_dated_content_disp($disp, $disp_prefix, $extension);
|
||||
|
||||
if ($self->{_multipart_in_progress}) {
|
||||
print $self->multipart_end();
|
||||
print $self->multipart_start(-type => $contenttype);
|
||||
}
|
||||
else {
|
||||
print $self->header($contenttype);
|
||||
}
|
||||
}
|
||||
|
||||
# Override header so we can add the cookies in
|
||||
sub header {
|
||||
my $self = shift;
|
||||
@ -665,6 +679,15 @@ instead of calling this directly.
|
||||
|
||||
Redirects from the current URL to one prefixed by the urlbase parameter.
|
||||
|
||||
=item C<multipart_start>
|
||||
|
||||
Starts a new part of the multipart document using the specified MIME type.
|
||||
If not specified, text/html is assumed.
|
||||
|
||||
=item C<close_standby_message>
|
||||
|
||||
Ends a part of the multipart document, and starts another part.
|
||||
|
||||
=item C<set_dated_content_disp>
|
||||
|
||||
Sets an appropriate date-dependent value for the Content Disposition header
|
||||
@ -688,8 +711,6 @@ L<CGI|CGI>, L<CGI::Cookie|CGI::Cookie>
|
||||
|
||||
=item should_set
|
||||
|
||||
=item multipart_start
|
||||
|
||||
=item redirect_search_url
|
||||
|
||||
=item param
|
||||
|
||||
@ -94,8 +94,10 @@ sub _throw_error {
|
||||
message => \$message });
|
||||
|
||||
if (Bugzilla->error_mode == ERROR_MODE_WEBPAGE) {
|
||||
print Bugzilla->cgi->header();
|
||||
my $cgi = Bugzilla->cgi;
|
||||
$cgi->close_standby_message('text/html', 'inline', 'error', 'html');
|
||||
print $message;
|
||||
print $cgi->multipart_final() if $cgi->{_multipart_in_progress};
|
||||
}
|
||||
elsif (Bugzilla->error_mode == ERROR_MODE_TEST) {
|
||||
die Dumper($vars);
|
||||
|
||||
@ -1997,11 +1997,18 @@ sub _quote_unless_numeric {
|
||||
my $numeric_field = $self->_chart_fields->{$field}->is_numeric;
|
||||
my $numeric_value = ($value =~ NUMBER_REGEX) ? 1 : 0;
|
||||
my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
|
||||
|
||||
# These operators are really numeric operators with numeric fields.
|
||||
$numeric_operator = grep { $_ eq $operator } keys SIMPLE_OPERATORS;
|
||||
|
||||
if ($is_numeric) {
|
||||
my $quoted = $value;
|
||||
trick_taint($quoted);
|
||||
return $quoted;
|
||||
}
|
||||
elsif ($numeric_field && !$numeric_value && $numeric_operator) {
|
||||
ThrowUserError('number_not_numeric', { field => $field, num => $value });
|
||||
}
|
||||
return Bugzilla->dbh->quote($value);
|
||||
}
|
||||
|
||||
|
||||
@ -279,22 +279,6 @@ sub GetGroups {
|
||||
return [values %legal_groups];
|
||||
}
|
||||
|
||||
sub _close_standby_message {
|
||||
my ($contenttype, $disp, $disp_prefix, $extension, $serverpush) = @_;
|
||||
my $cgi = Bugzilla->cgi;
|
||||
$cgi->set_dated_content_disp($disp, $disp_prefix, $extension);
|
||||
|
||||
# Close the "please wait" page, then open the buglist page
|
||||
if ($serverpush) {
|
||||
print $cgi->multipart_end();
|
||||
print $cgi->multipart_start(-type => $contenttype);
|
||||
}
|
||||
else {
|
||||
print $cgi->header($contenttype);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
################################################################################
|
||||
# Command Execution
|
||||
################################################################################
|
||||
@ -949,8 +933,6 @@ elsif (my @component_input = $cgi->param('component')) {
|
||||
# The following variables are used when the user is making changes to multiple bugs.
|
||||
if ($dotweak && scalar @bugs) {
|
||||
if (!$vars->{'caneditbugs'}) {
|
||||
_close_standby_message('text/html',
|
||||
'inline', "error", "html", $serverpush);
|
||||
ThrowUserError('auth_failure', {group => 'editbugs',
|
||||
action => 'modify',
|
||||
object => 'multiple_bugs'});
|
||||
@ -1057,8 +1039,7 @@ if ($format->{'extension'} eq "csv") {
|
||||
$vars->{'human'} = $cgi->param('human');
|
||||
}
|
||||
|
||||
_close_standby_message($contenttype, $disposition, $disp_prefix,
|
||||
$format->{'extension'}, $serverpush);
|
||||
$cgi->close_standby_message($contenttype, $disposition, $disp_prefix, $format->{'extension'});
|
||||
|
||||
################################################################################
|
||||
# Content Generation
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user