[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnatsweb/386: Gnatsweb must check text with regexp before submitting new
|
From: |
Lars . Henriksen |
|
Subject: |
gnatsweb/386: Gnatsweb must check text with regexp before submitting new PR |
|
Date: |
Sun, 26 May 2002 10:24:33 -0400 |
>Number: 386
>Category: gnatsweb
>Synopsis: Gnatsweb must check text with regexp before submitting new PR
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun May 26 10:24:33 -0400 2002
>Originator: Lars.Henriksen@netman.dk
>Release: 3.99.3
>Organization:
>Environment:
>Description:
Gnatsweb submits a new PR to gnatsd with the SUBM command.
SUBM will accept almost anything as contents of aPR, and it
certainly doesn't check field contents. This is to some
extent done by Gnatsweb for enumerated-in-file fields, but
not for text fields with matching regexps.
This implies that you can create a PR that will be rejected
with an invalid text field the first time you edit it, even
though you didn't change the text field (but something else).
Fix included (that also removes a superfluous newline).
>How-To-Repeat:
>Fix:
--- gnatsweb.pl-3.99.3 Sun May 26 15:39:55 2002
+++ gnatsweb.pl.fix Sun May 26 16:06:06 2002
@@ -1222,8 +1222,11 @@
return;
}
+ client_cmd ("chek initial");
+ client_cmd("$text.");
+ return if ($client_would_have_exited);
client_cmd ("subm");
- client_cmd("$text\n.");
+ client_cmd("$text.");
my $return_url = $q->param('return_url') || get_script_name();
my $refresh = 5;
>Unformatted:
- gnatsweb/386: Gnatsweb must check text with regexp before submitting new PR,
Lars . Henriksen <=