diff options
| author | justdave%bugzilla.org <> | 2004-05-11 01:57:11 +0200 |
|---|---|---|
| committer | justdave%bugzilla.org <> | 2004-05-11 01:57:11 +0200 |
| commit | 8b0e08269dce8c37b35b0433c5ff2976c6a04214 (patch) | |
| tree | b822795da042456bb8e7f04db1401a61dca10111 | |
| parent | c4a8c5fef1dc27cb587db8744c9d3088e6c4d9f9 (diff) | |
| download | bugzilla-8b0e08269dce8c37b35b0433c5ff2976c6a04214.tar.gz bugzilla-8b0e08269dce8c37b35b0433c5ff2976c6a04214.tar.xz | |
Bug 204042: taint issues in perl 5.6.0 that were causing an Internal Error to ocurr after adding an attachment.
r= joel, a= justdave
| -rwxr-xr-x | attachment.cgi | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/attachment.cgi b/attachment.cgi index 44a49c5f7..83a910ee0 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -932,7 +932,13 @@ sub insert # Define the variables and functions that will be passed to the UI template. $vars->{'mailrecipients'} = { 'changer' => $::COOKIE{'Bugzilla_login'}, 'owner' => $owner }; - $vars->{'bugid'} = $::FORM{'bugid'}; + my $bugid = $::FORM{'bugid'}; + detaint_natural($bugid); # don't bother with error condition, we know it'll work + # because of ValidateBugID above. This is only needed + # for Perl 5.6.0. If we ever require Perl 5.6.1 or + # newer, or detaint something other than $::FORM{'bugid'} + # in ValidateBugID above, then this can go away. + $vars->{'bugid'} = $bugid; $vars->{'attachid'} = $attachid; $vars->{'description'} = $description; $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'}; |