Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-xeditgroups.cgi16
1 files changed, 13 insertions, 3 deletions
diff --git a/editgroups.cgi b/editgroups.cgi
index 5e2a3baf6..b9503426b 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -244,12 +244,18 @@ if ($action eq 'new') {
my $desc = CheckGroupDesc($cgi->param('desc'));
my $regexp = CheckGroupRegexp($cgi->param('regexp'));
my $isactive = $cgi->param('isactive') ? 1 : 0;
+ # This is an admin page. The URL is considered safe.
+ my $icon_url;
+ if ($cgi->param('icon_url')) {
+ $icon_url = clean_text($cgi->param('icon_url'));
+ trick_taint($icon_url);
+ }
# Add the new group
$dbh->do('INSERT INTO groups
- (name, description, isbuggroup, userregexp, isactive)
- VALUES (?, ?, 1, ?, ?)',
- undef, ($name, $desc, $regexp, $isactive));
+ (name, description, isbuggroup, userregexp, isactive, icon_url)
+ VALUES (?, ?, 1, ?, ?, ?)',
+ undef, ($name, $desc, $regexp, $isactive, $icon_url));
my $gid = $dbh->bz_last_key('groups', 'id');
my $admin = Bugzilla::Group->new({name => 'admin'})->id();
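Review bot: `trick_taint($icon_url)` untaints the submitted value after nothing but `clean_text`, so the INSERT stores whatever string the form sent with no check on its scheme or shape. The "admin page" comment covers who may submit the value, not who later has it rendered to them; if the icon URL is emitted into pages other users view (not visible in this hunk), a `javascript:` or `data:` value would be persisted as-is. I would accept only `http://`, `https://` or a site-relative path before untainting, and replace the comment with one that states the check, e.g. `# icon_url is stored and rendered later; only http(s) or site-relative values are accepted.` The update path in the second hunk goes through `$group->set_icon_url`, so any validation that setter performs is skipped on creation; sending both paths through one validator would keep them consistent. The `if ($action eq 'new')` block starts and ends outside the hunk.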
@@ -565,6 +571,10 @@ sub doGroupChanges {
}
}
+ if (defined $cgi->param('icon_url')) {
+ $group->set_icon_url($cgi->param('icon_url'));
+ }
+
my $changes = $group->update();
my $sth_insert = $dbh->prepare('INSERT INTO group_group_map
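Review bot: `$cgi->param('icon_url')` is evaluated in list context inside the argument list of `$group->set_icon_url(...)`, so a request that repeats the `icon_url` parameter hands every value to the setter as extra arguments. Forcing scalar context removes that ambiguity: `$group->set_icon_url(scalar $cgi->param('icon_url'));`. The `clean_text($cgi->param('icon_url'))` call in the first hunk has the same shape and would take the same change. Whether `set_icon_url` validates the URL cannot be seen from here, and `doGroupChanges` starts and ends outside the hunk.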