diff options
author | mkanat%kerio.com <> | 2005-02-27 10:08:12 +0100 |
---|---|---|
committer | mkanat%kerio.com <> | 2005-02-27 10:08:12 +0100 |
commit | 1355d45bdaf91cb4aa506166eb619c2729997bd6 (patch) | |
tree | 2af78267dcbd79627bc018b53032f152877b1fa4 /Bugzilla | |
parent | 1e1498c4660b0bc4feb92a458dea533a58bd49da (diff) | |
download | bugzilla-1355d45bdaf91cb4aa506166eb619c2729997bd6.tar.gz bugzilla-1355d45bdaf91cb4aa506166eb619c2729997bd6.tar.xz |
Bug 283562: Insecure dependency in parameter 3 of DBI::db (login_to_id forgets a trick_taint)
Patch By Max Kanat-Alexander <mkanat@kerio.com> r=wurblzap, r=joel, a=justdave
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/User.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 4d4787525..f87f021b9 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -1013,10 +1013,11 @@ sub is_available_username ($;$) { sub login_to_id ($) { my ($login) = (@_); my $dbh = Bugzilla->dbh; + # $login will only be used by the following SELECT statement, so it's safe. + trick_taint($login); my $user_id = $dbh->selectrow_array( "SELECT userid FROM profiles WHERE login_name = ?", undef, $login); - # $user_id should be a positive integer, this makes Taint mode happy - if (defined $user_id && detaint_natural($user_id)) { + if ($user_id) { return $user_id; } else { return 0; |