diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-26 01:08:58 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-26 01:08:58 +0100 |
commit | c9aaffd4541554af069e4ac097c39f567b02f55a (patch) | |
tree | 13498d0860a3d4616f26d5f56e767f382678c682 /whine.pl | |
parent | Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized b... (diff) | |
download | bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.gz bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.tar.bz2 bugzilla-c9aaffd4541554af069e4ac097c39f567b02f55a.zip |
Bug 255606: Do not let buglist.cgi return all bugs by default
r/a=mkanat
Diffstat (limited to 'whine.pl')
-rwxr-xr-x | whine.pl | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -452,7 +452,15 @@ sub run_queries { 'params' => scalar $searchparams->Vars, 'user' => $args->{'recipient'}, # the search runs as the recipient ); - my $sqlquery = $search->sql; + # If a query fails for whatever reason, it shouldn't kill the script. + my $sqlquery = eval { $search->sql }; + if ($@) { + say get_text('whine_query_failed', { query_name => $thisquery->{'name'}, + author => $args->{'author'}, + reason => $@ }); + next; + } + $sth = $dbh->prepare($sqlquery); $sth->execute; |