authorjustdave%bugzilla.org <>2004-05-11 01:57:11 +0200
committerjustdave%bugzilla.org <>2004-05-11 01:57:11 +0200
commit8b0e08269dce8c37b35b0433c5ff2976c6a04214 (patch)
treeb822795da042456bb8e7f04db1401a61dca10111
parentc4a8c5fef1dc27cb587db8744c9d3088e6c4d9f9 (diff)
Bug 204042: taint issues in perl 5.6.0 that were causing an Internal Error to occur after adding an attachment.
r= joel, a= justdave
-rwxr-xr-xattachment.cgi8
1 files changed, 7 insertions, 1 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 44a49c5f7..83a910ee0 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -932,7 +932,13 @@ sub insert
# Define the variables and functions that will be passed to the UI template.
$vars->{'mailrecipients'} = { 'changer' => $::COOKIE{'Bugzilla_login'},
'owner' => $owner };
- $vars->{'bugid'} = $::FORM{'bugid'};
+ my $bugid = $::FORM{'bugid'};
+ detaint_natural($bugid); # don't bother with error condition, we know it'll work
+ # because of ValidateBugID above. This is only needed
+ # for Perl 5.6.0. If we ever require Perl 5.6.1 or
+ # newer, or detaint something other than $::FORM{'bugid'}
+ # in ValidateBugID above, then this can go away.
+ $vars->{'bugid'} = $bugid;
$vars->{'attachid'} = $attachid;
$vars->{'description'} = $description;
$vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};
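Review bot: The return value of `detaint_natural($bugid)` is discarded on the added line, so the untaint is only safe while the ValidateBugID call above the hunk (not visible here) keeps guaranteeing a natural number. Untainting is a trust decision, and failing closed costs one line: `detaint_natural($bugid) || die "bugid not numeric after ValidateBugID";`, or the file's usual error routine in place of `die`. If the helper clears its argument on a non-match, as it presumably does, a silent failure would hand an undefined bugid to the template instead of stopping the request. `sub insert` begins and ends outside this hunk, so the order of validation and untainting cannot be confirmed from here.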