author | 2004-07-09 10:33:39 +0000 | |
---|---|---|
committer | 2004-07-09 10:33:39 +0000 | |
commit | c50567b310c406567adfc5a510adf080f9d33eb9 (patch) | |
tree | f65bc93ca7614f32d06ff3c0949a019dd9edd255 | |
parent | Patch for bug 250265: fix taint issues with vote fields when editing products... (diff) | |
Bug 242405 Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
patch by bugzilla@glob.com.au r=joel a=justdave
-rw-r--r-- | Bugzilla/Series.pm | 1 | ||||
-rwxr-xr-x | editcomponents.cgi | 21 |
2 files changed, 15 insertions, 7 deletions
diff --git a/Bugzilla/Series.pm b/Bugzilla/Series.pm
index f009a0ad9..4d01a71ca 100644
--- a/Bugzilla/Series.pm
+++ b/Bugzilla/Series.pm
@@ -180,7 +180,6 @@ sub writeToDatabase {
 } else {
 # Insert the new series into the series table
- trick_taint($self->{'query'});
 $dbh->do("INSERT INTO series (creator, category, subcategory, " .
 "name, frequency, query) VALUES ($self->{'creator'}, " .
 "$category_id, $subcategory_id, " .
diff --git a/editcomponents.cgi b/editcomponents.cgi
index 4c00050fa..00c06912f 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -46,7 +46,7 @@ sub sillyness {
 my $dobugcounts = (defined $::FORM{'dobugcounts'});
-
+my $cgi = Bugzilla->cgi;
 # TestProduct: just returns if the specified product does exists
 # CheckProduct: same check, optionally emit an error text
@@ -458,12 +458,21 @@ if ($action eq 'new') {
 # For localisation reasons, we get the title of the queries from the
 # submitted form.
+ my $open_name = $cgi->param('open_name');
+ my $closed_name = $cgi->param('closed_name');
 my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED");
- my $statuses = join("&", map { "bug_status=$_" } @openedstatuses);
- push(@series, [$::FORM{'open_name'}, $statuses . $prodcomp]);
-
- my $resolved = "field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---";
- push(@series, [$::FORM{'closed_name'}, $resolved . $prodcomp]);
+ my $statuses = join("&", map { "bug_status=$_" } @openedstatuses) . $prodcomp;
+ my $resolved = "field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---" . $prodcomp;
+
+ # trick_taint is ok here, as these variables aren't used as a command
+ # or in SQL unquoted
+ trick_taint($open_name);
+ trick_taint($closed_name);
+ trick_taint($statuses);
+ trick_taint($resolved);
+
+ push(@series, [$open_name, $statuses]);
+ push(@series, [$closed_name, $resolved]);
 foreach my $sdata (@series) {
 my $series = new Bugzilla::Series(undef, $product, $component, |
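Review bot: `$open_name` and `$closed_name` come straight from the request and go into trick_taint with no validation at all, so a request that omits either field passes undef to trick_taint and any string content is accepted as the stored series name; trick_taint only clears the taint flag, it checks nothing. The comment's justification rests on Bugzilla::Series quoting the name and query columns, which lies outside these hunks — the visible part of the INSERT in writeToDatabase interpolates creator, category and subcategory unquoted — so that is an assumption to confirm in writeToDatabase, not a property of this code. I would reject a missing name before untainting, `unless (defined $open_name && defined $closed_name) { die "open_name/closed_name missing" }` (substituting the script's usual error helper), and sharpen the comment to `# trick_taint only clears the taint flag; these values are safe only because Bugzilla::Series quotes name/query before the INSERT - never reuse them in a shell command or unquoted SQL`. Note that dropping the untaint in writeToDatabase presumably moves that burden to every caller that builds a Series from request data, not just this script. The enclosing `if ($action eq 'new')` block starts before and ends after the hunk.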