author | jocuri%softhome.net <> | 2004-06-16 22:45:37 +0200 |
---|---|---|
committer | jocuri%softhome.net <> | 2004-06-16 22:45:37 +0200 |
commit | f67f57a7b01c0284dffbd90c93d8bc079266389b (patch) | |
tree | 679d70950d9812f65c26fb438fa5a3e9ec888f60 | |
parent | 0bd25a01b546fc6c6bfa1b4d3b1a492b471d396b (diff) | |
download | bugzilla-f67f57a7b01c0284dffbd90c93d8bc079266389b.tar.gz bugzilla-f67f57a7b01c0284dffbd90c93d8bc079266389b.tar.xz |
Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd; a=justdave.
-rwxr-xr-x | editmilestones.cgi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi index 5100577ee..e9ec0ed92 100755 --- a/editmilestones.cgi +++ b/editmilestones.cgi @@ -519,6 +519,12 @@ if ($action eq 'update') { products WRITE"); if ($sortkey != $sortkeyold) { + if (!detaint_natural($sortkey)) { + print "The sortkey for a milestone must be a number. Please press\n"; + print "<b>Back</b> and try again.\n"; + PutTrailer($localtrailer); + exit; + } SendSQL("UPDATE milestones SET sortkey=$sortkey WHERE product_id=" . $product_id . " AND value=" . SqlQuote($milestoneold)); |
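Review bot: The new detaint_natural($sortkey) check sits inside `if ($sortkey != $sortkeyold) {`, so the numeric comparison runs on the raw value first. Perl coerces a string such as "5abc" to 5 in that comparison, which means an invalid sortkey whose leading digits equal the old value skips the block entirely: it is never rejected and the user sees no error. Suggest moving the check above the comparison so every submitted sortkey is validated before any use. Within the block the check is in the right place relative to the UPDATE, where $sortkey is interpolated unquoted while the milestone value goes through SqlQuote(); a short comment saying that the detaint is what makes that interpolation safe would help later readers. The error path also calls exit directly after the context line ending in `products WRITE");`, so if that statement takes a table lock, confirm nothing needs to be released before exiting.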