Make query-pr-summary.cgi to work with perl 5.8.
This is required for new www server setup. Reviewed by: simon Approved by: trhodes (mentor), keramida (mentor)
This commit is contained in:
Daniel Gerzo
parent
52bcd8990a
commit
010290f0f9
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=28634
1 changed files with 15 additions and 10 deletions
|
|
@ -1,7 +1,5 @@
|
||||||
#!/usr/bin/perl -T
|
#!/usr/bin/perl -T
|
||||||
# $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.53 2005/11/17 04:43:38 fenner Exp $
|
# $FreeBSD: www/en/cgi/query-pr-summary.cgi,v 1.54 2005/12/01 03:19:22 jcamou Exp $
|
||||||
|
|
||||||
sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; }
|
|
||||||
|
|
||||||
$html_mode = 1 if $ENV{'DOCUMENT_ROOT'};
|
$html_mode = 1 if $ENV{'DOCUMENT_ROOT'};
|
||||||
$self_ref = $ENV{'SCRIPT_NAME'};
|
$self_ref = $ENV{'SCRIPT_NAME'};
|
||||||
|
|
@ -28,8 +26,7 @@ if ($ENV{'QUERY_STRING'} eq 'query') {
|
||||||
|
|
||||||
if ($html_mode) {
|
if ($html_mode) {
|
||||||
$query_args = '--restricted ';
|
$query_args = '--restricted ';
|
||||||
&ReadParse(*input) if $html_mode;
|
&ReadParse(*input);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
&Getopts('CcqRr:s:T:');
|
&Getopts('CcqRr:s:T:');
|
||||||
|
|
||||||
|
|
@ -207,7 +204,7 @@ EOM
|
||||||
# If someone does a multiple-variable query they will probably do weird things.
|
# If someone does a multiple-variable query they will probably do weird things.
|
||||||
|
|
||||||
$self_ref1 = $self_ref . '?';
|
$self_ref1 = $self_ref . '?';
|
||||||
$self_ref1 .= 'sort=' . escape($input{'sort'}) if $input{'sort'};
|
$self_ref1 .= 'sort=' . html_fixline($input{'sort'}) if $input{'sort'};
|
||||||
print "<p>You may view summaries by <a href='$self_ref1'>Severity</a>, ";
|
print "<p>You may view summaries by <a href='$self_ref1'>Severity</a>, ";
|
||||||
$self_ref1 .= '&' if ($self_ref1 !~/\?$/);
|
$self_ref1 .= '&' if ($self_ref1 !~/\?$/);
|
||||||
print "<a href='${self_ref1}state=summary'>State</a>, ";
|
print "<a href='${self_ref1}state=summary'>State</a>, ";
|
||||||
|
|
@ -276,10 +273,18 @@ $query_args .= ' --skip-closed' unless $closed_too;
|
||||||
foreach ('category', 'originator', 'priority', 'class', 'responsible',
|
foreach ('category', 'originator', 'priority', 'class', 'responsible',
|
||||||
'release', 'severity', 'state', 'submitter', 'text', 'multitext') {
|
'release', 'severity', 'state', 'submitter', 'text', 'multitext') {
|
||||||
if ($input{$_} && $input{$_} ne 'summary') {
|
if ($input{$_} && $input{$_} ne 'summary') {
|
||||||
$d = $input{$_};
|
# Check if the arguments provided by user are secure.
|
||||||
$d =~ s/^"(.*)"$/$&/;
|
# This is required to be able to run this script in
|
||||||
$d =~ s/'/\\'/;
|
# taint mode (perl -T)
|
||||||
$query_args .= " --${_}='$d'";
|
if ($input{$_} =~ /^([-^'\[\]\@\s\w.]+)$/) {
|
||||||
|
$d = $1;
|
||||||
|
$d =~ s/^"(.*)"$/$&/;
|
||||||
|
$d =~ s/'/\\'/;
|
||||||
|
$query_args .= " --${_}='$d'";
|
||||||
|
} else {
|
||||||
|
print "Insecure data in ${_}! Ignoring this filter.<br />".
|
||||||
|
"Only alphanumeric characters and ', -, [, ], ^, @ are allowed.";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue