author | Christian Ruppert <idl0r@gentoo.org> | 2015-07-11 15:27:33 +0200 |
---|---|---|
committer | Christian Ruppert <idl0r@gentoo.org> | 2015-07-11 15:27:33 +0200 |
commit | 4b2ce2725e9a4525e273fb1b08243aad74770a3d (patch) | |
tree | c90fb0fef5c9ac923817f908f1c3586efa47ec59 /importxml.pl | |
parent | Bumped version to 4.4.9 (diff) | |
Vanilla 4.4.9 to 5.0 without history due to massive merge conflicts
Diffstat (limited to 'importxml.pl')
-rwxr-xr-x | importxml.pl | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/importxml.pl b/importxml.pl index e7dc9761b..12831e0b9 100755 --- a/importxml.pl +++ b/importxml.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!/usr/bin/perl -T # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. @@ -10,7 +10,9 @@ # a new bug into bugzilla. Everything before the beginning <?xml line # is removed so you can pipe in email messages. +use 5.10.1; use strict; +use warnings; ##################################################################### # @@ -1023,6 +1025,15 @@ sub process_bug { push(@query, $custom_field); push(@values, $value); } + } elsif ($field->type == FIELD_TYPE_DATE) { + eval { $value = Bugzilla::Bug->_check_date_field($value); }; + if ($@) { + $err .= "Skipping illegal value \"$value\" in $custom_field.\n" ; + } + else { + push(@query, $custom_field); + push(@values, $value); + } } else { $err .= "Type of custom field $custom_field is an unhandled FIELD_TYPE: " . $field->type . "\n"; @@ -1164,7 +1175,7 @@ sub process_bug { if (!$attacher) { if ($att->{'attacher'}) { $err .= "The original submitter of attachment $att_id was\n "; - $err .= $att->{'attacher'} . ", but he doesn't have an account here.\n"; + $err .= $att->{'attacher'} . ", but they don't have an account here.\n"; } else { $err .= "The original submitter of attachment $att_id is unknown.\n"; @@ -1264,6 +1275,9 @@ my $twig = XML::Twig->new( }, start_tag_handlers => { bugzilla => \&init } ); +# Prevent DoS using the billion laughs attack. +$twig->{NoExpand} = 1; + $twig->parse($xml); my $root = $twig->root; my $maintainer = $root->{'att'}->{'maintainer'}; |
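Review bot: The failure test after the `eval` in the new `FIELD_TYPE_DATE` branch reads `$@`, which is not reliable on every Perl this file now allows (`use 5.10.1`): before 5.14 a destructor that runs while the `eval` unwinds can reset `$@`, so a rejected date could fall through to the two `push` lines. Have the block return a true value and test that instead: `my $ok = eval { $value = Bugzilla::Bug->_check_date_field($value); 1 };` followed by `if (!$ok) {`. The branch also calls an underscore-prefixed validator of `Bugzilla::Bug` from outside that class and discards its error text, so the import report cannot say why a value was skipped; a one-line comment recording that dependency would help the next maintainer. `process_bug` starts and ends outside the hunk.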
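Review bot: The entity-expansion guard `$twig->{NoExpand} = 1;` is set by writing into the parser object's hash after construction rather than through the `XML::Twig->new(...)` call that closes just above it, so the protection depends on module internals that a later XML::Twig or XML::Parser release could change. XML::Parser documents `NoExpand` as taking effect only when a default handler is registered, and as not covering entity references inside attribute values; no default handler is visible in this hunk, so the setting may not do what the comment says. If the installed XML::Twig accepts it, passing `NoExpand => 1` among the constructor arguments is the supported route. A regression test that parses a small document with an internally declared entity and checks that it is not expanded would make the mitigation verifiable. The constructor call starts outside the hunk.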