aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2010-02-06 18:43:40 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2010-02-06 18:43:40 +0100
commita4362815ee6e840253a8d42e2bbe4c604f58cd15 (patch)
treee1f6cf4895e1fb606eb24f0c9cdf493ec75f2219 /Bugzilla
parent26a5920ad57b8038e36ba8adf17febd4dbc8a105 (diff)
downloadbugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar
bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.gz
bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.bz2
bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.xz
bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.zip
Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field::get_legal_field_values()
r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/WebService/Bug.pm4
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 16217bb63..711a45f44 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(filter validate);
use Bugzilla::Bug;
use Bugzilla::BugMail;
-use Bugzilla::Util qw(trim);
+use Bugzilla::Util qw(trick_taint trim);
use Bugzilla::Version;
use Bugzilla::Milestone;
use Bugzilla::Status;
@@ -427,6 +427,8 @@ sub legal_values {
my $values;
if (grep($_->name eq $field, @global_selects)) {
+ # The field is a valid one.
+ trick_taint($field);
$values = get_legal_field_values($field);
}
elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {