Bug 170986 - General Summary reports don't work with taint checking. Also fixes Throw*Error's $extra_vars parameter. Patch by gerv; r=bbaetz.

git-svn-id: svn://10.0.0.236/trunk@130545 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/webtools/bugzilla/CGI.pl

@@ -854,8 +854,10 @@ sub ThrowCodeError {
   SendSQL("UNLOCK TABLES") if $unlock_tables;
   
   # Copy the extra_vars into the vars hash 
-  @::vars{keys %$extra_vars} = values %$extra_vars;
-
+  foreach my $var (keys %$extra_vars) {
+      $vars->{$var} = $extra_vars->{$var};
+  }
+  
   # We may one day log something to file here also.
   $vars->{'variables'} = $extra_vars;
   
@@ -873,8 +875,10 @@ sub ThrowUserError {
   SendSQL("UNLOCK TABLES") if $unlock_tables;
  
   # Copy the extra_vars into the vars hash 
-  @::vars{keys %$extra_vars} = values %$extra_vars;
-
+  foreach my $var (keys %$extra_vars) {
+      $vars->{$var} = $extra_vars->{$var};
+  }
+  
   print "Content-type: text/html\n\n" if !$vars->{'header_done'};
   $template->process("global/user-error.html.tmpl", $vars)
     || ThrowTemplateError($template->error());

mozilla/webtools/bugzilla/globals.pl

@@ -1637,6 +1637,8 @@ sub GetFormat {
     # Security - allow letters and a hyphen only
     $ctype =~ s/[^a-zA-Z\-]//g;
     $format =~ s/[^a-zA-Z\-]//g;
+    trick_taint($ctype);
+    trick_taint($format);
     
     $template .= ($format ? "-$format" : "");
     $template .= ".$ctype.tmpl";