author | justdave%syndicomm.com <> | 2003-10-26 10:37:48 +0000 |
---|---|---|
committer | justdave%syndicomm.com <> | 2003-10-26 10:37:48 +0000 |
commit | 68774da9a61107cfbbc16a91421a99c1ac944df1 (patch) | |
tree | 7a842eb7ab104bfd67cc0be5df293024745b3538 /editproducts.cgi | |
parent | ef9e98bdb9fefc28169e4a8038f77d328878adf9 (diff) | |
Bug 208647: Fixes taint error in add new products code.
Patch by jpyeron@pyerotechnics.com (Jason Pyeron)
r= bbaetz, a= justdave
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-x | editproducts.cgi | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index 1782a74b8..c36537c22 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -337,8 +337,15 @@ if ($action eq 'new') {
 SqlQuote($product) . "," .
 SqlQuote($description) . "," .
 SqlQuote($milestoneurl) . "," .
- $disallownew . "," .
- "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
+ # had tainting issues under cygwin, IIS 5.0, perl -T %s %s
+ # see bug 208647. http://bugzilla.mozilla.org/show_bug.cgi?id=208647
+ # had to de-taint $disallownew, $votesperuser, $maxvotesperbug,
+ # and $votestoconfirm w/ SqlQuote()
+ # - jpyeron@pyerotechnics.com
+ SqlQuote($disallownew) . "," .
+ SqlQuote($votesperuser) . "," .
+ SqlQuote($maxvotesperbug) . "," .
+ SqlQuote($votestoconfirm) . "," .
 SqlQuote($defaultmilestone) . ")");
 SendSQL("SELECT LAST_INSERT_ID()");
 my $product_id = FetchOneColumn(); |
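Review bot: Wrapping `$disallownew`, `$votesperuser`, `$maxvotesperbug` and `$votestoconfirm` in `SqlQuote()` satisfies the taint check but never verifies that these four values are integers, so a non-numeric form value would now reach the INSERT as a quoted string and be left to the database to coerce rather than being rejected. Quoting is safer against injection than the unquoted interpolation it replaces, but I would validate each value before building the query and untaint from the capture, e.g. `($votesperuser) = $votesperuser =~ /\A(\d+)\z/;` followed by an error when the result is undefined. This assumes no earlier numeric check exists; the start of the `SendSQL(` statement and the code that reads these parameters are outside the hunk. The `%s %s` at the end of the first added comment line also looks like a leftover placeholder and could be dropped.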