summaryrefslogtreecommitdiffstats
path: root/editproducts.cgi
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2004-07-17 10:55:37 +0200
committerbugreport%peshkin.net <>2004-07-17 10:55:37 +0200
commit301eb1deabcbab02c7f6673635d1835912e7bd94 (patch)
tree3d03482c1073e93b14fe238e5b5c548102c35cb9 /editproducts.cgi
parentaba9ca24e778b821cf26338a2ab1fb9d169a7ada (diff)
downloadbugzilla-301eb1deabcbab02c7f6673635d1835912e7bd94.tar.gz
bugzilla-301eb1deabcbab02c7f6673635d1835912e7bd94.tar.xz
Bug 251484: Fix taint error on series create when creating a new product
r=justdave a=justdave
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-xeditproducts.cgi5
1 files changed, 5 insertions, 0 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index f41aaa9e5..c539465af 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -397,6 +397,11 @@ if ($action eq 'new') {
# Insert default charting queries for this product.
# If they aren't using charting, this won't do any harm.
GetVersionTable();
+
+ # $::FORM{'open_name'} and $product are sqlquoted by the series
+ # code and never used again here, so we can trick_taint them.
+ trick_taint($::FORM{'open_name'});
+ trick_taint($product);
my @series;