authorlpsolit%gmail.com <>2006-08-06 08:32:36 +0200
committerlpsolit%gmail.com <>2006-08-06 08:32:36 +0200
commit7376b09e2d81d6b673d72ccf11c043d8790e5f72 (patch)
treef0f5feb0f8f3fe78594fab98e2b6603e3bba5689 /editclassifications.cgi
parent38c7d0766195d9d84fcd81bc23b9c71bff5bea6d (diff)
Bug 347277: Entering an non-integer sortkey crashes editclassifications.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=bkor a=justdave
Diffstat (limited to 'editclassifications.cgi')
-rwxr-xr-xeditclassifications.cgi19
1 files changed, 14 insertions, 5 deletions
diff --git a/editclassifications.cgi b/editclassifications.cgi
index 6d75b67d2..026f1b3ab 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -106,13 +106,17 @@ if ($action eq 'new') {
ThrowUserError("classification_already_exists",
{ name => $classification->name });
}
-
+
my $description = trim($cgi->param('description') || '');
+
my $sortkey = trim($cgi->param('sortkey') || 0);
+ my $stored_sortkey = $sortkey;
+ detaint_natural($sortkey)
+ || ThrowUserError('classification_invalid_sortkey', {'name' => $class_name,
+ 'sortkey' => $stored_sortkey});
trick_taint($description);
trick_taint($class_name);
- detaint_natural($sortkey);
# Add the new classification.
$dbh->do("INSERT INTO classifications (name, description, sortkey)
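Review bot: `$stored_sortkey` is the raw request value, and `ThrowUserError('classification_invalid_sortkey', ...)` hands it to the error template unchanged, so that template must HTML-escape it (for example `[% sortkey FILTER html %]`) or a rejected sortkey is reflected into the error page. The template is not part of this diff (the diffstat is limited to editclassifications.cgi), so this cannot be confirmed from here. The second hunk passes the same raw value in the 'update' branch. A short comment would also explain why the copy exists, e.g. `# detaint_natural() clobbers its argument on failure; keep the raw input for the error message`. The INSERT statement that follows continues outside the hunk.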
@@ -203,12 +207,18 @@ if ($action eq 'update') {
$class_name || ThrowUserError("classification_not_specified");
my $class_old_name = trim($cgi->param('classificationold') || '');
- my $description = trim($cgi->param('description') || '');
- my $sortkey = trim($cgi->param('sortkey') || 0);
my $class_old =
Bugzilla::Classification::check_classification($class_old_name);
+ my $description = trim($cgi->param('description') || '');
+
+ my $sortkey = trim($cgi->param('sortkey') || 0);
+ my $stored_sortkey = $sortkey;
+ detaint_natural($sortkey)
+ || ThrowUserError('classification_invalid_sortkey', {'name' => $class_old->name,
+ 'sortkey' => $stored_sortkey});
+
$dbh->bz_lock_tables('classifications WRITE');
if ($class_name ne $class_old->name) {
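Review bot: `detaint_natural($sortkey)` only confirms the value is a run of digits, so in the 'update' branch an input such as `007` keeps its leading zeros and the later test `$sortkey ne $class_old->sortkey` (a context line in the third hunk) treats it as changed even when the stored value is 7. A numeric comparison, `if ($sortkey != $class_old->sortkey) {`, is safe now that the value is validated before that point. No upper bound is visible either: a digit string larger than the sortkey column can hold would pass this check and presumably fail at the database, in both this hunk and the 'new' hunk, so a range check next to `detaint_natural` is worth adding. The 'update' block starts and ends outside the hunk.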
@@ -235,7 +245,6 @@ if ($action eq 'update') {
}
if ($sortkey ne $class_old->sortkey) {
- detaint_natural($sortkey);
$dbh->do("UPDATE classifications SET sortkey = ?
WHERE id = ?", undef,
($sortkey, $class_old->id));