diff options
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Config.pm | 8 | ||||
| -rw-r--r-- | Bugzilla/Config/Common.pm | 5 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm index b4ff803bd..1c02d9dda 100644 --- a/Bugzilla/Config.pm +++ b/Bugzilla/Config.pm @@ -315,7 +315,13 @@ sub read_param_file { } # JSON::XS doesn't detaint data for us. foreach my $key (keys %params) { - trick_taint($params{$key}) if defined $params{$key}; + if (ref($params{$key}) eq "ARRAY") { + foreach my $item (@{$params{$key}}) { + trick_taint($item); + } + } else { + trick_taint($params{$key}) if defined $params{$key}; + } } } elsif ($ENV{'SERVER_SOFTWARE'}) { diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index e8dfe3e9d..bd9b0bf84 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -45,7 +45,10 @@ sub check_multi { return ""; } elsif ($param->{'type'} eq 'm' || $param->{'type'} eq 'o') { - foreach my $chkParam (split(',', $value)) { + if (ref($value) ne "ARRAY") { + $value = [split(',', $value)] + } + foreach my $chkParam (@$value) { unless (scalar(grep {$_ eq $chkParam} (@{$param->{'choices'}}))) { return "Invalid choice '$chkParam' for multi-select list param '$param->{'name'}'"; } |