don't go past end of @msg when setting

[debbugs.git] / cgi / pkgreport.cgi

diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index 3fc500b355114472122bee11d936a0f60203b51f..eb7a61a2101600c9196bed3ca1f8eafaf8e73293 100755 (executable)
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,6 +13,12 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+binmode(STDOUT,':encoding(UTF-8)');
 use POSIX qw(strftime nice);
 
 use Debbugs::Config qw(:globals :text :config);
@@ -54,6 +60,7 @@ our %param = cgi_parameters(query => $q,
                                       qw(bug-rev pend-rev sev-rev),
                                       qw(maxdays mindays version),
                                       qw(data which dist newest),
+                                      qw(noaffects),
                                      ],
                            default => $default_params,
                           );
@@ -77,7 +84,8 @@ if (exists $param{form_options} and defined $param{form_options}) {
      }
      for my $incexc (qw(include exclude)) {
          next unless exists $param{$incexc};
-         $param{$incexc} = [grep /\S\:\S/, make_list($param{$incexc})];
+         # normalize tag to tags
+         $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})];
      }
      for my $key (keys %package_search_keys) {
          next unless exists $param{key};
@@ -93,6 +101,16 @@ if (exists $param{form_options} and defined $param{form_options}) {
      exit 0;
 }
 
+# normalize innclude/exclude keys; currently this is in two locations,
+# which is suboptimal. Closes: #567407
+for my $incexc (qw(include exclude)) {
+    next unless exists $param{$incexc};
+    # normalize tag to tags
+    $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})];
+}
+
+
+
 # map from yes|no to 1|0
 for my $key (qw(repeatmerged bug-rev pend-rev sev-rev)) {
      if (exists $param{$key}){