Sorry for my previous noise and here is the good attachment in any case.
Regards, Patrice
Le mardi 07 mars 2017 à 21:34 +0100, Patrice Duroux a écrit :
> Hi,
>
> Following my previous email, here is joined a patch (using GIT) that is
> related
> to small HTML rendering corrections and other changes related to my trouble.
> But it is not clear to go to it related to the absence of 'suite' or an empty
> in
> the HTTP query with the sanitize_params function. This tries to look also to
> alternative 'dist' parameter and to also check value calling check_suite().
> As a general remark, it is not clear the purpose of this parameter sanitizing
> to
> prevent from SQL injection or to check value that are existing one and getting
> a
> default?
> Also the SQL query could be empty having bad values or nothing to deliver for
> the 'good' parameters.
> In brief, my problem is not yet solved.
> Regards,
> Patrice
>
> Le lundi 06 mars 2017 à 20:43 +0100, Patrice Duroux a écrit :
> > Dear Debian WB Team,
> >
> > Using the query page at https://buildd.debian.org/status/recent.php
> > and selecting 'Suite: --any--' will send to the following URL:
> > https://buildd.debian.org/status/recent.php?pkg=&a=amd64&suite=&limit=30
> > that does not give the expected result as the one by:
> > https://buildd.debian.org/status/recent.php?pkg=&a=amd64&limit=30
> > Isn't it?
> > Also the source code of the page is showing strange syntax for the first
> > 'option' element (a whitespace is missing) and wouldn't it be better to use
> > double quote in attribute value instead of single:
> >
> > <form action='recent.php' method='get'>
> > <p>
> > Package(s): <input size='30' placeholder='pkg1, pkg2, maintai...@debian.org'
> > type='text' name='pkg' value='' /> Arch(s): <input
> > placeholder='amd64,armel,all,...' type='text' name='a' value='' /> Suite:
> > <select name='suite' id='suite'>
> > <option value=''selected='selected'>--any--</option>
> > <option value='sid'>sid</option>
> > <option value='stretch'>stretch</option>
> > <option value='stretch-backports'>stretch-backports</option>
> > <option value='jessie'>jessie</option>
> > <option value='jessie-kfreebsd'>jessie-kfreebsd</option>
> > <option value='jessie-backports'>jessie-backports</option>
> > <option value='wheezy-security'>wheezy-security</option>
> > <option value='wheezy-backports'>wheezy-backports</option>
> > <option value='wheezy-backports-sloppy'>wheezy-backports-sloppy</option>
> > <option value='experimental'>experimental</option>
> > </select>
> >
> > Regards,
> > Patrice
diff --git a/library.php b/library.php
index fe6269f..73dc7ca 100644
--- a/library.php
+++ b/library.php
@@ -460,21 +460,21 @@ function select_recent_logs($archs=array(), $pkgs=array(), $suite="", $limit="30
else
$pkgs = implode(",", $pkgs);
- echo "<form action='recent.php' method='get'>\n<p>\n";
- printf("Package(s): <input size='30' placeholder='pkg1, pkg2, maintai...@debian.org' type='text' name='pkg' value='%s' /> ", $pkgs);
- printf("Arch(s): <input placeholder='amd64,armel,all,...' type='text' name='a' value='%s' /> ", $archs);
- printf("Suite: <select name='suite' id='suite'>\n");
- printf("\t<option value=''%s>--any--</option>\n", (empty($suite)?"selected='selected'":''));
+ echo "<form action=\"recent.php\" method=\"get\">\n<p>\n";
+ printf("Package(s): <input size=\"30\" placeholder=\"pkg1, pkg2, maintai...@debian.org\" type=\"text\" name=\"pkg\" value=\"%s\" /> ", $pkgs);
+ printf("Arch(s): <input placeholder=\"amd64,armel,all,...\" type=\"text\" name=\"a\" value=\"%s\" /> ", $archs);
+ printf("Suite: <select name=\"suite\" id=\"suite\">\n");
+ printf("\t<option value=\"\"%s>--any--</option>\n", (empty($suite)?" selected=\"selected\"":''));
foreach($SUITES as $a_suite) {
$selected = "";
if ($a_suite == $suite) $selected = ' selected="selected"';
- printf("\t<option value='%s'%s>%s</option>\n", $a_suite, $selected, $a_suite);
+ printf("\t<option value=\"%s\"%s>%s</option>\n", $a_suite, $selected, $a_suite);
}
printf("</select> \n");
printf("<br/>");
- printf("Entries: <input type='text' size='4' name='limit' value='%s' /> ", $limit);
- printf("<span title='For each package/arch combination, only show the newest entry'><input id='bad_results_only' type='checkbox' name='bad_results_only' %s/> <label for='bad_results_only'>only failures</label></span> ", ($bad_results_only? "checked='checked'" : ""));
- printf("<input type='submit' value='Go' />\n");
+ printf("Entries: <input type=\"text\" size=\"4\" name=\"limit\" value=\"%s\" /> ", $limit);
+ printf("<span title=\"For each package/arch combination, only show the newest entry\"><input id=\"bad_results_only\" type=\"checkbox\" name=\"bad_results_only\" %s/> <label for=\"bad_results_only\">only failures</label></span> ", ($bad_results_only? "checked=\"checked\"" : ""));
+ printf("<input type=\"submit\" value=\"Go\" />\n");
echo "</p>\n</form>\n";
}
@@ -1093,7 +1093,7 @@ function buildd_status_header($mode, $archs, $packages, $suite, $full=true) {
echo "\n";
} else {
if ($full) echo "<table class=\"data\">";
- echo "<tr><th rowspan='2'>Package</th>";
+ echo "<tr><th rowspan=\"2\">Package</th>";
$archis = array();
foreach ($archs as $arch) {
$prefix = "f";
diff --git a/logs.php b/logs.php
index 99f1039..76fd466 100644
--- a/logs.php
+++ b/logs.php
@@ -23,7 +23,7 @@ require_once("library.php");
db_connect();
list($pkg, $ver, $arch, $suite, $stamp) =
- sanitize_params("pkg", "ver", "arch", "dist", "stamp");
+ sanitize_params("pkg", "ver", "arch", "suite", "stamp");
if (empty($arch))
$arch = array();
else
diff --git a/recent.php b/recent.php
index 1fd0263..243b442 100644
--- a/recent.php
+++ b/recent.php
@@ -24,7 +24,7 @@ require_once("library.php");
db_connect();
list($pkgs, $archs, $suite, $limit, $bad_results_only) =
- sanitize_params("packages", "archs", "dist", "limit", "bad_results_only");
+ sanitize_params("packages", "archs", "suite", "limit", "bad_results_only");
# This looks nicer in the form, and makes the query smaller
if ($archs === $ARCHS) { $archs = array(); };