remove leading and trailing spaces in references and replyto

[debbugs.git] / cgi / pkgreport.cgi

diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index b7fc845a510e50a8c21958c52a42fa236d5e386b..eb7a61a2101600c9196bed3ca1f8eafaf8e73293 100755 (executable)
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,6 +13,12 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+binmode(STDOUT,':encoding(UTF-8)');
 use POSIX qw(strftime nice);
 
 use Debbugs::Config qw(:globals :text :config);
@@ -54,6 +60,7 @@ our %param = cgi_parameters(query => $q,
                                       qw(bug-rev pend-rev sev-rev),
                                       qw(maxdays mindays version),
                                       qw(data which dist newest),
+                                      qw(noaffects),
                                      ],
                            default => $default_params,
                           );
@@ -78,7 +85,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
      for my $incexc (qw(include exclude)) {
          next unless exists $param{$incexc};
          # normalize tag to tags
-         $param{$incexc} = [map {s/^tag:/tags:/} grep /\S\:\S/, make_list($param{$incexc})];
+         $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})];
      }
      for my $key (keys %package_search_keys) {
          next unless exists $param{key};
@@ -99,7 +106,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
 for my $incexc (qw(include exclude)) {
     next unless exists $param{$incexc};
     # normalize tag to tags
-    $param{$incexc} = [map {s/^tag:/tags:/} make_list($param{$incexc})];
+    $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})];
 }