summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbbaetz%student.usyd.edu.au <>2002-02-05 07:16:18 +0100
committerbbaetz%student.usyd.edu.au <>2002-02-05 07:16:18 +0100
commitf15fc6e6632c6a360b5f620cf929084a07a4c403 (patch)
tree625d7cd16bd0e24e1015c923d1dc8aff0e9bd40b
parenta063aa364c6cafb341a1884691516fcc78a1187a (diff)
downloadbugzilla-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.gz
bugzilla-f15fc6e6632c6a360b5f620cf929084a07a4c403.tar.xz
bug 122418 - setting attachment status fails taint checks. Just needed to
detaint after checking. r=gerv,kiko
-rwxr-xr-xattachment.cgi2
1 files changed, 2 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 5996aa86d..368ad702e 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -257,6 +257,8 @@ sub validateStatuses
|| DisplayError("One of the statuses you entered is not a valid status
for this attachment.")
&& exit;
+ # We have tested that the status is valid, so it can be detainted
+ detaint_natural($status);
}
}