author | justdave%syndicomm.com <> | 2002-01-20 09:44:34 +0000 |
committer | justdave%syndicomm.com <> | 2002-01-20 09:44:34 +0000 |
commit | 4e6767d4c3d1b0b583f4ec076992345545294748 (patch) | |
tree | 44d10a299f4d910400fb420b38e21e769c00be7e /showattachment.cgi | |
parent | 72f340e3a12668c9356102c71f864afa986e001a (diff) | |
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au>
r= jake, justdave
Diffstat (limited to 'showattachment.cgi')
-rwxr-xr-x | showattachment.cgi | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/showattachment.cgi b/showattachment.cgi
index 78143c550..70f5c6d66 100755
--- a/showattachment.cgi
+++ b/showattachment.cgi
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -24,6 +24,8 @@
 use diagnostics;
 use strict;
 
+use lib qw(.);
+
 require "CGI.pl";
 
 if (!defined $::FORM{'attach_id'}) {
@@ -43,7 +45,7 @@
 ConnectToDatabase();
 quietly_check_login();
 
-if ($::FORM{attach_id} !~ /^[1-9][0-9]*$/) {
+if (!detaint_natural($::FORM{attach_id})) {
     DisplayError("Attachment ID should be numeric.");
     exit;
 }
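Review bot: The `-T` added to the shebang only takes effect when the interpreter is started from that line; if the script is ever invoked as `perl showattachment.cgi`, or through a wrapper or mod_perl handler that does not itself pass `-T`, Perl aborts with "Too late for "-T" option" rather than silently running untainted. The deployment path should be checked for that, and it is worth a comment next to the shebang such as `# -T: taint mode; the interpreter must be started with -T as well (see perlrun)`. Under taint mode Perl also ignores PERL5LIB/PERLLIB, which is presumably why the `use lib` line is added in the next hunk.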
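Review bot: `use lib qw(.)` resolves against the process's current working directory, not the script's own directory, so `require "CGI.pl"` only succeeds when the web server runs the CGI with the Bugzilla root as cwd. That is the usual CGI setup, but it is an implicit dependency worth stating in a comment, e.g. `# Taint mode drops PERL5LIB; CGI.pl is found via cwd, which the web server sets to the Bugzilla directory`. Switching to a script-relative path is not a drop-in fix here because a tainted `@INC` entry is itself rejected under `-T`, so this is a documentation point rather than a code change.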
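Review bot: The replacement check is looser than the regex it removes: `^[1-9][0-9]*$` rejected `0` and leading-zero forms, whereas `detaint_natural` is defined outside this file and, if it accepts any run of digits, lets `attach_id=0` or `attach_id=007` through to the database lookup. For a numeric key lookup that is probably harmless, but it is a behaviour change the commit message does not mention; if the old strictness matters, a follow-up test after detainting, `if (!detaint_natural($::FORM{attach_id}) || $::FORM{attach_id} == 0) {`, restores it. Note that `detaint_natural` has to assign its argument back from a capture for the later query to run under `-T`; the SQL that uses `attach_id` is outside this hunk, so I cannot confirm that here.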