X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=cgi%2Fpkgreport.cgi;h=455df20cea2896c7f2645c601d59a14584ce50a4;hb=747a1435ec35ebac24e9e321e6b3b4afcc2bea7b;hp=1666bbc6f7191a926f516bcd29e46bde2d20b664;hpb=dff4791fa286e8cd93b083133420c9f2ea5665aa;p=debbugs.git diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi index 1666bbc..455df20 100755 --- a/cgi/pkgreport.cgi +++ b/cgi/pkgreport.cgi @@ -13,6 +13,12 @@ use warnings; use strict; +# Sanitize environent for taint +BEGIN{ + delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; +} + +binmode(STDOUT,':encoding(UTF-8)'); use POSIX qw(strftime nice); use Debbugs::Config qw(:globals :text :config); @@ -79,7 +85,7 @@ if (exists $param{form_options} and defined $param{form_options}) { for my $incexc (qw(include exclude)) { next unless exists $param{$incexc}; # normalize tag to tags - $param{$incexc} = [map {s/^tag:/tags:/} grep /\S\:\S/, make_list($param{$incexc})]; + $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})]; } for my $key (keys %package_search_keys) { next unless exists $param{key}; @@ -100,7 +106,7 @@ if (exists $param{form_options} and defined $param{form_options}) { for my $incexc (qw(include exclude)) { next unless exists $param{$incexc}; # normalize tag to tags - $param{$incexc} = [map {s/^tag:/tags:/} make_list($param{$incexc})]; + $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})]; } @@ -269,7 +275,8 @@ if (defined $param{usertag}) { } } -quitcgi("You have to choose something to select by") unless grep {exists $param{$_}} keys %package_search_keys; +quitcgi("You have to choose something to select by", '400 Bad Request') + unless grep {exists $param{$_}} keys %package_search_keys; my $Archived = $param{archive} ? " Archived" : ""; @@ -430,6 +437,7 @@ my $result = pkg_htmlizebugs(bugs => \@bugs, (exists $param{dist})?(dist => $param{dist}):(), ); +print "Cache-Control: public, max-age=300\n"; print "Content-Type: text/html; charset=utf-8\n\n"; print "\n";