bug 122418 - setting attachment status fails taint checks. Just needed to

detaint after checking. r=gerv,kiko
author: bbaetz%student.usyd.edu.au <> 2002-02-05 06:16:18 +0000
committer: bbaetz%student.usyd.edu.au <> 2002-02-05 06:16:18 +0000
commit: f15fc6e6632c6a360b5f620cf929084a07a4c403 (patch)
tree: 625d7cd16bd0e24e1015c923d1dc8aff0e9bd40b /attachment.cgi
parent: a063aa364c6cafb341a1884691516fcc78a1187a (diff)
download: bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar
bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.gz
bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.bz2
bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.xz
bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 5996aa86d..368ad702e 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -257,6 +257,8 @@ sub validateStatuses
       || DisplayError("One of the statuses you entered is not a valid status
                        for this attachment.")
         && exit;
+    # We have tested that the status is valid, so it can be detainted
+    detaint_natural($status);
   }
 }
author	bbaetz%student.usyd.edu.au <>	2002-02-05 06:16:18 +0000
committer	bbaetz%student.usyd.edu.au <>	2002-02-05 06:16:18 +0000
commit	f15fc6e6632c6a360b5f620cf929084a07a4c403 (patch)
tree	625d7cd16bd0e24e1015c923d1dc8aff0e9bd40b /attachment.cgi
parent	a063aa364c6cafb341a1884691516fcc78a1187a (diff)
download	bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.gz bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.bz2 bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.xz bugs-f15fc6e6632c6a360b5f620cf929084a07a4c403.zip