diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2010-02-06 18:43:40 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2010-02-06 18:43:40 +0100 |
commit | a4362815ee6e840253a8d42e2bbe4c604f58cd15 (patch) | |
tree | e1f6cf4895e1fb606eb24f0c9cdf493ec75f2219 /Bugzilla | |
parent | 26a5920ad57b8038e36ba8adf17febd4dbc8a105 (diff) | |
download | bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.gz bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.bz2 bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.tar.xz bugs-a4362815ee6e840253a8d42e2bbe4c604f58cd15.zip |
Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field::get_legal_field_values()
r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/WebService/Bug.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 16217bb63..711a45f44 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(filter validate); use Bugzilla::Bug; use Bugzilla::BugMail; -use Bugzilla::Util qw(trim); +use Bugzilla::Util qw(trick_taint trim); use Bugzilla::Version; use Bugzilla::Milestone; use Bugzilla::Status; @@ -427,6 +427,8 @@ sub legal_values { my $values; if (grep($_->name eq $field, @global_selects)) { + # The field is a valid one. + trick_taint($field); $values = get_legal_field_values($field); } elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) { |