diff options
| author | bbaetz%student.usyd.edu.au <> | 2002-04-05 17:48:27 +0200 |
|---|---|---|
| committer | bbaetz%student.usyd.edu.au <> | 2002-04-05 17:48:27 +0200 |
| commit | 181d044266e61ffa073d1aa7ba252e812ac03c65 (patch) | |
| tree | 040f6fe339d5103d3feb21fddd2bbc2db1efeca4 /buglist.cgi | |
| parent | 8c43fccb2cfe352bf02a82e2fbebf5d5fb77bf49 (diff) | |
| download | bugzilla-181d044266e61ffa073d1aa7ba252e812ac03c65.tar.gz bugzilla-181d044266e61ffa073d1aa7ba252e812ac03c65.tar.xz | |
bug 134562 - taint error in buglist.cgi
r=justdave, gerv
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/buglist.cgi b/buglist.cgi index 2895ddd81..53685e96d 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -1226,8 +1226,12 @@ else { # Add the votes column to the list of columns to be displayed # in the bug list if the user is searching for bugs with a certain # number of votes and the votes column is not already on the list. -push(@displaycolumns, 'votes') - if $::FORM{'votes'} && !grep($_ eq 'votes', @displaycolumns); + +# Some versions of perl will taint 'votes' if this is done as a single +# statement, because $::FORM{'votes'} is tainted at this point +if (trim($::FORM{'votes'}) && !grep($_ eq 'votes', @displaycolumns)) { + push(@displaycolumns, 'votes'); +} ################################################################################ |