authorjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
committerjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
commit4e6767d4c3d1b0b583f4ec076992345545294748 (patch)
tree44d10a299f4d910400fb420b38e21e769c00be7e /doeditvotes.cgi
parent72f340e3a12668c9356102c71f864afa986e001a (diff)
downloadbugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.gz
bugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.xz
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
Diffstat (limited to 'doeditvotes.cgi')
-rwxr-xr-xdoeditvotes.cgi9
1 files changed, 4 insertions, 5 deletions
diff --git a/doeditvotes.cgi b/doeditvotes.cgi
index 94c36b8f4..4d88e13c9 100755
--- a/doeditvotes.cgi
+++ b/doeditvotes.cgi
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -24,6 +24,8 @@
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
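Review bot: The added `use lib qw(.)` needs a comment, because it re-adds exactly the relative directory that `-T` strips: perlsec documents that taint mode removes "." from @INC and ignores PERL5LIB, so `require "CGI.pl"` on the next line only resolves because the web server runs this script from the Bugzilla directory. Suggest `# Taint mode (-T) drops "." from @INC; re-add it so require "CGI.pl" resolves from the Bugzilla directory.` That is acceptable for a CGI whose cwd is fixed by the server, but anyone copying the idiom into a script that can run from an arbitrary directory reopens library loading from the caller's cwd, which is the risk -T was removing.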
@@ -67,9 +69,6 @@ if (0 == @buglist) {
# minus sign).
foreach my $id (@buglist) {
ValidateBugID($id);
- ($::FORM{$id} =~ /^\d+$/)
- || DisplayError("Only use non-negative numbers for your bug votes.")
- && exit;
}
######################################################################
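Review bot: Deleting the `^\d+$` check here removes the only validation of the vote count that ran before any database write; the replacement in the later hunk (`detaint_natural` in the insert loop) executes after `delete from votes where who = $who`, so a non-numeric vote count that used to abort with an error message now silently loses that vote. Keep the early rejection and make it taint-safe instead, e.g. `detaint_natural($::FORM{$id}) || DisplayError("Only use non-negative numbers for your bug votes.") && exit;`, assuming detaint_natural returns false on a non-match as its name suggests (its definition is not in this file). The foreach is complete within the hunk, but the code between it and the delete is outside the hunk, so I cannot tell whether anything there already uses $::FORM{$id} numerically.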
@@ -144,7 +143,7 @@ while (MoreSQLData()) {
}
SendSQL("delete from votes where who = $who");
foreach my $id (@buglist) {
- if ($::FORM{$id} > 0) {
+ if (detaint_natural($::FORM{$id}) && $::FORM{$id} > 0) {
SendSQL("insert into votes (who, bug_id, count) values ($who, $id, $::FORM{$id})");
}
$affected{$id} = 1;
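Review bot: The new condition turns a malformed vote count into a silent skip: when detaint_natural fails the insert is bypassed, yet `$affected{$id} = 1` on the last line still runs and the user sees no error, whereas the pre-patch flow rejected the value with a message before touching the table. If the value is validated and detainted earlier in the file, this line can revert to `if ($::FORM{$id} > 0)`; if it is not, a failed detaint should `DisplayError(...)` and exit rather than fall through. Note also that `$id` is interpolated into the same INSERT, which under -T relies on ValidateBugID having detainted it — worth confirming, since that function is outside this view. The foreach body continues past the end of the hunk.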