diff options
author | lpsolit%gmail.com <> | 2005-05-04 02:41:22 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-05-04 02:41:22 +0000 |
commit | 91225228cd8b8f132a496c2d078c14ffb8ecbab3 (patch) | |
tree | 1db6dbb76ed32bbcce300b087054c733b9378a0b /editmilestones.cgi | |
parent | Bug 248386: Add support for Alias to post_bug.cgi - Patch by Albert Ting <alt... (diff) | |
download | bugzilla-91225228cd8b8f132a496c2d078c14ffb8ecbab3.tar.gz bugzilla-91225228cd8b8f132a496c2d078c14ffb8ecbab3.tar.bz2 bugzilla-91225228cd8b8f132a496c2d078c14ffb8ecbab3.zip |
Bug 279303: Negative numbers are rejected as invalid sortkeys for milestones - Patch by Peter D. Stout <pds@edgedynamics.com> r=LpSolit a=justdave
Diffstat (limited to 'editmilestones.cgi')
-rwxr-xr-x | editmilestones.cgi | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi index 5c9e21468..32e6790c2 100755 --- a/editmilestones.cgi +++ b/editmilestones.cgi @@ -116,6 +116,21 @@ sub CheckMilestone ($$) } } +sub CheckSortkey ($$) +{ + my ($milestone, $sortkey) = @_; + # Keep a copy in case detaint_signed() clears the sortkey + my $stored_sortkey = $sortkey; + + if (!detaint_signed($sortkey) || $sortkey < -32768 || $sortkey > 32767) { + ThrowUserError('milestone_sortkey_invalid', + {'name' => $milestone, + 'sortkey' => $stored_sortkey}); + } + + return $sortkey; +} + # # Preliminary checks: # @@ -261,13 +276,8 @@ if ($action eq 'new') { {'name' => $milestone}); } - # Need to store in case detaint_natural() clears the sortkey - my $stored_sortkey = $sortkey; - if (!detaint_natural($sortkey)) { - ThrowUserError('milestone_sortkey_invalid', - {'name' => $milestone, - 'sortkey' => $stored_sortkey}); - } + $sortkey = CheckSortkey($milestone, $sortkey); + if (TestMilestone($product, $milestone)) { ThrowUserError('milestone_already_exists', {'name' => $milestone, @@ -453,15 +463,8 @@ if ($action eq 'update') { 'milestones WRITE', 'products WRITE'); - # Need to store because detaint_natural() will delete this if - # invalid - my $stored_sortkey = $sortkey; - if ($sortkey != $sortkeyold) { - if (!detaint_natural($sortkey)) { - ThrowUserError('milestone_sortkey_invalid', - {'name' => $milestone, - 'sortkey' => $stored_sortkey}); - } + if ($sortkey ne $sortkeyold) { + $sortkey = CheckSortkey($milestone, $sortkey); trick_taint($milestoneold); |