summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjocuri%softhome.net <>2004-06-16 22:45:37 +0200
committerjocuri%softhome.net <>2004-06-16 22:45:37 +0200
commitf67f57a7b01c0284dffbd90c93d8bc079266389b (patch)
tree679d70950d9812f65c26fb438fa5a3e9ec888f60
parent0bd25a01b546fc6c6bfa1b4d3b1a492b471d396b (diff)
downloadbugzilla-f67f57a7b01c0284dffbd90c93d8bc079266389b.tar.gz
bugzilla-f67f57a7b01c0284dffbd90c93d8bc079266389b.tar.xz
Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd; a=justdave.
-rwxr-xr-xeditmilestones.cgi6
1 files changed, 6 insertions, 0 deletions
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5100577ee..e9ec0ed92 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
products WRITE");
if ($sortkey != $sortkeyold) {
+ if (!detaint_natural($sortkey)) {
+ print "The sortkey for a milestone must be a number. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
SendSQL("UPDATE milestones SET sortkey=$sortkey
WHERE product_id=" . $product_id . "
AND value=" . SqlQuote($milestoneold));