authorbbaetz%student.usyd.edu.au <>2002-08-13 15:54:35 +0200
committerbbaetz%student.usyd.edu.au <>2002-08-13 15:54:35 +0200
commit9b22dcde525cb7e0b0b88b80d627e7e1d3dd5e6c (patch)
tree5ad90a3800a05fbfc2cecb0c5f5f4dba396d852d
parentebdbe669e45bfbfecb7330475a878583e09763ca (diff)
downloadbugzilla-9b22dcde525cb7e0b0b88b80d627e7e1d3dd5e6c.tar.gz
bugzilla-9b22dcde525cb7e0b0b88b80d627e7e1d3dd5e6c.tar.xz
Bug 160710 - Taint checking causes problem with rename function
r=joel, preed
-rw-r--r--template/en/default/account/prefs/prefs.html.tmpl11
-rwxr-xr-xuserprefs.cgi5
2 files changed, 15 insertions, 1 deletions
diff --git a/template/en/default/account/prefs/prefs.html.tmpl b/template/en/default/account/prefs/prefs.html.tmpl
index d455b5b66..327218e17 100644
--- a/template/en/default/account/prefs/prefs.html.tmpl
+++ b/template/en/default/account/prefs/prefs.html.tmpl
@@ -100,7 +100,16 @@
<form method="post" action="userprefs.cgi">
<input type="hidden" name="tab" value="[% current_tab.name %]">
- [% PROCESS "account/prefs/${current_tab.name}.html.tmpl" IF current_tab.name.defined %]
+ [%# See bug 160710 for why this is done this way %]
+ [% IF current_tab.name == "account" %]
+ [% PROCESS "account/prefs/account.html.tmpl" %]
+ [% ELSIF current_tab.name == "email" %]
+ [% PROCESS "account/prefs/email.html.tmpl" %]
+ [% ELSIF current_tab.name == "footer" %]
+ [% PROCESS "account/prefs/footer.html.tmpl" %]
+ [% ELSIF current_tab.name == "permissions" %]
+ [% PROCESS "account/prefs/permissions.html.tmpl" %]
+ [% END %]
[% IF current_tab.saveable %]
<input type="hidden" name="dosave" value="1">
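Review bot: The new ELSIF chain renders nothing when current_tab.name is not one of the four listed names, and the replacement comment only points at a bug number, so a reader of this file cannot tell whether that silence is intended or why the interpolated PROCESS was dropped. The tab name originates in the form's `tab` field (the hidden input just above), so the property worth stating is that the template no longer builds a PROCESS path from request data; I would replace the bug-number comment with `[%# The tab templates are named explicitly instead of interpolating current_tab.name into the PROCESS path: the name comes from the request, so a path built from it is rejected under taint checking, and naming the files keeps request data out of template paths altogether (bug 160710) %]`. If userprefs.cgi rejects unknown tabs before rendering, the missing ELSE is harmless, but a final `[% ELSE %]` branch that raises a template error would make that assumption explicit rather than silent.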
diff --git a/userprefs.cgi b/userprefs.cgi
index 84c8ea027..cf58cf265 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -370,6 +370,9 @@ $vars->{'changes_saved'} = $::FORM{'dosave'};
my $current_tab_name = $::FORM{'tab'} || "account";
+# The SWITCH below makes sure that this is valid
+trick_taint($current_tab_name);
+
$vars->{'current_tab_name'} = $current_tab_name;
# Do any saving, and then display the current tab.
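Review bot: `trick_taint($current_tab_name);` on the new line untaints the request value before anything has validated it, and the comment above it delegates the check to a SWITCH further down, which inverts the taint idiom: validate against an anchored allow-list first and untaint from the capture, so the untainted value can only ever be one of the known names regardless of what later code does or is later edited to do. The template hunk in this commit names exactly four tabs, so I would replace the trick_taint line with `$current_tab_name =~ /^(account|email|footer|permissions)$/ or ThrowUserError("Unknown tab <code>" . html_quote($current_tab_name) . "</code>");` followed by `$current_tab_name = $1;`, which turns the catch-all added to the SWITCH into a redundant safety net rather than the only thing standing between a raw form value and untainted data. The name list would then be duplicated between this regex and the SWITCH cases, which lie outside this hunk, so the two should be checked against each other; the surrounding statement run continues past the hunk.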
@@ -393,6 +396,8 @@ SWITCH: for ($current_tab_name) {
DoPermissions();
last SWITCH;
};
+ ThrowUserError("Unknown tab <code>" . html_quote($current_tab_name)
+ . "</code>");
}
# Generate and return the UI (HTML page) from the appropriate template.
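Review bot: The new ThrowUserError at the bottom of the SWITCH is reached only because every case above it ends with `last SWITCH` (visible here for the DoPermissions case), so a future case that omits the `last` would do its work and then fall into the "Unknown tab" error; that dependency is not written down anywhere in the hunk. I would add `# Fallthrough: reached only when no case above matched (each case ends with last SWITCH), so the tab name is not one this script knows.` above the call. The SWITCH block itself begins outside this hunk, so the earlier cases cannot be confirmed from here.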