From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gnats-prs-admin@gnu.org>
Received: (qmail 4335 invoked from network); 26 May 2002 14:27:13 -0000
Received: from unknown (HELO fencepost.gnu.org) (199.232.76.164)
  by sources.redhat.com with SMTP; 26 May 2002 14:27:13 -0000
Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
	by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian))
	id 17ByzD-0006Vm-00; Sun, 26 May 2002 10:27:07 -0400
Received: from gnats by fencepost.gnu.org with local (Exim 3.34 #1 (Debian))
	id 17Bywj-0006K1-00; Sun, 26 May 2002 10:24:33 -0400
From: Lars.Henriksen@netman.dk
To: pdm-gnats@zamazal.org,gnats-prs@gnu.org,bug-gnats@gnu.org
Reply-To: Lars.Henriksen@netman.dk
Subject: gnatsweb/386: Gnatsweb must check text with regexp before submitting new PR
Message-Id: <E17Bywj-0006K1-00@fencepost.gnu.org>
Sender: gnats-prs-admin@gnu.org
Errors-To: gnats-prs-admin@gnu.org
X-BeenThere: gnats-prs@gnu.org
X-Mailman-Version: 2.0.9
Precedence: bulk
List-Help: <mailto:gnats-prs-request@gnu.org?subject=help>
List-Post: <mailto:gnats-prs@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/gnats-prs>,
	<mailto:gnats-prs-request@gnu.org?subject=subscribe>
List-Id: Copies of bug tracking system messages <gnats-prs.gnu.org>
List-Archive: <http://mail.gnu.org/pipermail/gnats-prs/>
Date: Sun, 26 May 2002 07:27:00 -0000
X-SW-Source: 2002-q2/txt/msg00018.txt.bz2

>Number:         386
>Category:       gnatsweb
>Synopsis:       Gnatsweb must check text with regexp before submitting new PR
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 26 10:24:33 -0400 2002
>Originator:     Lars.Henriksen@netman.dk
>Release:        3.99.3
>Organization:

>Environment:

>Description:
Gnatsweb submits a new PR to gnatsd with the SUBM command.
SUBM will accept almost anything as contents of aPR, and it
certainly doesn't check field contents. This is to some
extent done by Gnatsweb for enumerated-in-file fields, but
not for text fields with matching regexps.

This implies that you can create a PR that will be rejected
with an invalid text field the first time you edit it, even
though you didn't change the text field (but something else).

Fix included (that also removes a superfluous newline).
>How-To-Repeat:

>Fix:
--- gnatsweb.pl-3.99.3  Sun May 26 15:39:55 2002
+++ gnatsweb.pl.fix     Sun May 26 16:06:06 2002
@@ -1222,8 +1222,11 @@
     return;
   }
 
+  client_cmd ("chek initial");
+  client_cmd("$text.");
+  return if ($client_would_have_exited);
   client_cmd ("subm");
-  client_cmd("$text\n.");
+  client_cmd("$text.");
 
   my $return_url = $q->param('return_url') || get_script_name();
   my $refresh = 5;
>Unformatted:
 

_______________________________________________
Gnats-prs mailing list
Gnats-prs@gnu.org
http://mail.gnu.org/mailman/listinfo/gnats-prs