diff options
author | mkanat%bugzilla.org <> | 2009-03-31 06:37:53 +0000 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-03-31 06:37:53 +0000 |
commit | a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78 (patch) | |
tree | 55ad97e67fa4322482f346289c113d211629338a /Bugzilla/Object.pm | |
parent | 470f355df99acba2855b97619897d650e8dd09e0 (diff) | |
download | bugs-a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78.tar bugs-a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78.tar.gz bugs-a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78.tar.bz2 bugs-a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78.tar.xz bugs-a86ee3a1ca5213d5401c6425cfb0fcfc7bb15e78.zip |
Bug 432907: Create a JSON frontend for WebServices
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
Diffstat (limited to 'Bugzilla/Object.pm')
-rw-r--r-- | Bugzilla/Object.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index adc96fa50..6cca49e45 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -219,7 +219,12 @@ sub _do_list_select { $sql .= " $postamble" if $postamble; my $dbh = Bugzilla->dbh; - my $objects = $dbh->selectall_arrayref($sql, {Slice=>{}}, @$values); + # Sometimes the values are tainted, but we don't want to untaint them + # for the caller. So we copy the array. It's safe to untaint because + # they're only used in placeholders here. + my @untainted = @{ $values || [] }; + trick_taint($_) foreach @untainted; + my $objects = $dbh->selectall_arrayref($sql, {Slice=>{}}, @untainted); bless ($_, $class) foreach @$objects; return $objects } |