author | justdave%syndicomm.com <> | 2002-01-20 10:44:34 +0100 |
---|---|---|
committer | justdave%syndicomm.com <> | 2002-01-20 10:44:34 +0100 |
commit | 4e6767d4c3d1b0b583f4ec076992345545294748 (patch) | |
tree | 44d10a299f4d910400fb420b38e21e769c00be7e /Bug.pm | |
parent | 72f340e3a12668c9356102c71f864afa986e001a (diff) | |
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au>
r= jake, justdave
Diffstat (limited to 'Bug.pm')
-rwxr-xr-x | Bug.pm | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -1,4 +1,3 @@
-#!/usr/bonsaitools/bin/perl -w
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -75,10 +74,12 @@ sub initBug {
 my $self = shift();
 my ($bug_id, $user_id) = (@_);
-
- if ( (! defined $bug_id) || (!$bug_id) ) {
- # no bug number given
- return {};
+ my $old_bug_id = $bug_id;
+ if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
+ # no bug number given
+ $self->{'bug_id'} = $old_bug_id;
+ $self->{'error'} = "InvalidBugId";
+ return $self;
 }
 # default userid 0, or get DBID if you used an email address |
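Review bot: On the rejection path in the second hunk, the new code stores `$old_bug_id` (the caller-supplied value that just failed `detaint_natural`) back into `$self->{'bug_id'}`, so the object carries unvalidated, still-tainted input alongside the `InvalidBugId` marker. The saved copy suggests `detaint_natural` rewrites its argument in place, though its definition is not in this hunk. Nothing here tells a caller that `bug_id` is only safe to use after checking `$self->{'error'}`, or that it needs escaping if echoed in an error page; I would add a comment such as `# raw, unvalidated request value: check {'error'} first and escape before output`. The existing `# no bug number given` comment is also stale now that the branch covers non-numeric ids; `# missing or non-numeric bug id` would match the condition. initBug continues past the end of the hunk, so how later code uses the field is not visible here.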