diff options
| author | lpsolit%gmail.com <> | 2006-10-05 04:47:28 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2006-10-05 04:47:28 +0200 |
| commit | 8d5dd5786873437f9fa840679cd94172e8ca30f1 (patch) | |
| tree | 7c3d8599dfe32aa1326c2a2b50de1f22bb08f8d0 /buglist.cgi | |
| parent | 11be725848887b59c3a266c0302eae5328a5fc01 (diff) | |
| download | bugzilla-8d5dd5786873437f9fa840679cd94172e8ca30f1.tar.gz bugzilla-8d5dd5786873437f9fa840679cd94172e8ca30f1.tar.xz | |
Bug 355230: [PostgreSQL] Crash if sharer_id is not an integer - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi index d226ec8a8..44565f1af 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -221,8 +221,9 @@ sub LookupNamedQuery { $name || ThrowUserError("query_name_missing"); trick_taint($name); if ($sharer_id) { - trick_taint($sharer_id); $owner_id = $sharer_id; + detaint_natural($owner_id); + $owner_id || ThrowUserError('illegal_user_id', {'userid' => $sharer_id}); } else { $owner_id = $user->id; |