X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=cgi%2Fbugreport.cgi;h=70f42292644f437e1284a6ba0aee2eeb5aabb635;hb=37fa4f5e9b7218b8a909f2c0502a12c6b7f5303e;hp=def15df910243cdd5ddd8fabb5f4a2e4a6b29533;hpb=9705bed70840ab5ff63278ea19fceac9d3777dcd;p=debbugs.git

diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi
index def15df..70f4229 100755
--- a/cgi/bugreport.cgi
+++ b/cgi/bugreport.cgi
@@ -1,8 +1,14 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl
 
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
+
 use POSIX qw(strftime);
 use MIME::Parser;
 use MIME::Decoder;
@@ -19,6 +25,8 @@ use Debbugs::Common qw(buglog getmaintainers make_list bug_status);
 use Debbugs::Packages qw(getpkgsrc);
 use Debbugs::Status qw(splitpackages split_status_fields get_bug_status isstrongseverity);
 
+use Debbugs::User;
+
 use Scalar::Util qw(looks_like_number);
 
 use Debbugs::Text qw(:templates);
@@ -28,6 +36,8 @@ use List::Util qw(max);
 
 use CGI::Simple;
 my $q = new CGI::Simple;
+# STDOUT should be using the utf8 io layer
+binmode(STDOUT,':raw:encoding(UTF-8)');
 
 my %param = cgi_parameters(query => $q,
 			   single => [qw(bug msg att boring terse),
@@ -161,6 +171,7 @@ if (defined($msg) and ($msg-1) <= $#records) {
 }
 my @log;
 if ( $mbox ) {
+     binmode(STDOUT,":raw");
      my $date = strftime "%a %b %d %T %Y", localtime;
      if (@records > 1) {
 	 print $q->header(-type => "text/plain",
@@ -213,11 +224,11 @@ END
 	  # we want to include control messages anyway
 	  my $record_wanted_anyway = 0;
 	  my ($msg_id) = $record->{text} =~ /^Message-Id:\s+<(.+)>/im;
-	  next if exists $seen_message_ids{$msg_id};
-	  next if $msg_id =~/handler\..+\.ack(?:info|done)?\@/;
+	  next if defined $msg_id and exists $seen_message_ids{$msg_id};
+	  next if defined $msg_id and $msg_id =~/handler\..+\.ack(?:info|done)?\@/;
 	  $record_wanted_anyway = 1 if $record->{text} =~ /^Received: \(at control\)/;
 	  next if not $boring and not $record->{type} eq $wanted_type and not $record_wanted_anyway and @records > 1;
-	  $seen_message_ids{$msg_id} = 1;
+	  $seen_message_ids{$msg_id} = 1 if defined $msg_id;
 	  my @lines = split( "\n", $record->{text}, -1 );
 	  if ( $lines[ 1 ] =~ m/^From / ) {
 	       my $tmp = $lines[ 0 ];
@@ -235,6 +246,7 @@ END
 
 else {
      if (defined $att and defined $msg and @records) {
+	 binmode(STDOUT,":raw");
 	  $msg_num++;
 	  print handle_email_message($records[0]->{text},
 				     ref => $ref,