aboutsummaryrefslogtreecommitdiffstats
path: root/editproducts.cgi
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2003-10-26 10:37:48 +0000
committerjustdave%syndicomm.com <>2003-10-26 10:37:48 +0000
commit68774da9a61107cfbbc16a91421a99c1ac944df1 (patch)
tree7a842eb7ab104bfd67cc0be5df293024745b3538 /editproducts.cgi
parentef9e98bdb9fefc28169e4a8038f77d328878adf9 (diff)
downloadbugs-68774da9a61107cfbbc16a91421a99c1ac944df1.tar
bugs-68774da9a61107cfbbc16a91421a99c1ac944df1.tar.gz
bugs-68774da9a61107cfbbc16a91421a99c1ac944df1.tar.bz2
bugs-68774da9a61107cfbbc16a91421a99c1ac944df1.tar.xz
bugs-68774da9a61107cfbbc16a91421a99c1ac944df1.zip
Bug 208647: Fixes taint error in add new products code.
Patch by jpyeron@pyerotechnics.com (Jason Pyeron) r= bbaetz, a= justdave
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-xeditproducts.cgi11
1 files changed, 9 insertions, 2 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index 1782a74b8..c36537c22 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -337,8 +337,15 @@ if ($action eq 'new') {
SqlQuote($product) . "," .
SqlQuote($description) . "," .
SqlQuote($milestoneurl) . "," .
- $disallownew . "," .
- "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
+ # had tainting issues under cygwin, IIS 5.0, perl -T %s %s
+ # see bug 208647. http://bugzilla.mozilla.org/show_bug.cgi?id=208647
+ # had to de-taint $disallownew, $votesperuser, $maxvotesperbug,
+ # and $votestoconfirm w/ SqlQuote()
+ # - jpyeron@pyerotechnics.com
+ SqlQuote($disallownew) . "," .
+ SqlQuote($votesperuser) . "," .
+ SqlQuote($maxvotesperbug) . "," .
+ SqlQuote($votestoconfirm) . "," .
SqlQuote($defaultmilestone) . ")");
SendSQL("SELECT LAST_INSERT_ID()");
my $product_id = FetchOneColumn();