2 changes: 1 addition & 1 deletion Bugzilla.pm
Expand Up @@ -13,7 +13,7 @@ use warnings;

use Bugzilla::Logging;

our $VERSION = '20260303.1';
our $VERSION = '20260305.1';

use Bugzilla::Auth;
use Bugzilla::Auth::Persist::Cookie;
39 changes: 39 additions & 0 deletions Bugzilla/Search.pm
Expand Up @@ -970,6 +970,45 @@ sub _sql {
$timeout_comment = "/*+ MAX_EXECUTION_TIME($ms) */";
}

<<<<<<< Updated upstream
||||||| Stash base
# Add some user information to the SQL so we can pinpoint where some
# slow running queries originate and help to refine the searches.
my $cgi = Bugzilla->cgi;
my $remote_ip = remote_ip();
my $user_agent = $cgi->user_agent || $cgi->script_name;
my $query_string = $cgi->canonicalize_query();

# Sanitize user-controlled fields to prevent SQL injection in user agent
# and query parameters
for ($user_agent, $query_string) {
# Remove SQL comment terminators and newlines
s/[*]//g;
s/[\r\n]+/ /g;
s/[^\x20-\x7E]/ /g; # Replace non-printable characters with space
}

=======
# Add some user information to the SQL so we can pinpoint where some
# slow running queries originate and help to refine the searches.
my $cgi = Bugzilla->cgi;
my $remote_ip = remote_ip();
my $user_agent = $cgi->user_agent || $cgi->script_name;
my $query_string = $cgi->canonicalize_query();

# Sanitize all values embedded in the SQL block comment. The only way to
# break out of a /* */ block comment in MySQL is the sequence */. We also
# strip non-printable characters and newlines (which would silently move
# text outside the comment). All fields are treated as untrusted: user_id
# is forced to an integer, and remote_ip may derive from X-Forwarded-For
# when the better_xff feature is enabled, making it user-controllable.
$user_id = int($user_id || 0);
for ($remote_ip, $user_agent, $query_string) {
s/[^\x20-\x7E]/ /g; # ASCII printable only
s/\*\//\* \//g; # Break */ comment terminators (insert space)
}

>>>>>>> Stashed changes
my $query = <<"END";
SELECT $timeout_comment $select
FROM $from
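Review bot: The Search.pm hunk commits unresolved stash-conflict markers (`<<<<<<< Updated upstream`, `||||||| Stash base`, `=======`, `>>>>>>> Stashed changes`) together with both candidate blocks, so the merged file carries duplicate `my $cgi`/`my $remote_ip`/`my $user_agent`/`my $query_string` declarations in one scope plus four marker lines that are not valid Perl; as committed, `_sql` almost certainly fails to compile. Resolve it by deleting the four marker lines and the entire "Stash base" block, keeping only the "Stashed changes" version, which is the stricter of the two (it also coerces `$user_id` with `int` and sanitizes `$remote_ip`). Separately, the sanitizer only defends against the `*/` terminator: if any of these values ends up as the first characters after the `/*` opener in the comment assembled further down (outside this hunk), a value starting with `!` or `+` would turn the block into a MySQL executable comment or optimizer hint, so either make sure a fixed literal such as `/* bz:` precedes the first interpolated value or also strip a leading `!`/`+` in the same loop. `_sql` begins and ends outside the hunk, and `$user_id` is declared outside it.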