Bug 340538: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16.

Patch by Marc Schumann <wurblzap@gmail.com>,
r=LpSolit, a=myk

1 files changed, 2 insertions, 5 deletions

diff --git a/editusers.cgi b/editusers.cgi
index 19e7ea587..5f356fb40 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -257,14 +257,13 @@ if ($action eq 'search') {
         my @values;
 
         if ($login ne $otherUser->login) {
-            # Validate, then trick_taint.
+            # Validating untaints for us.
             $login || ThrowUserError('user_login_required');
             validate_email_syntax($login)
               || ThrowUserError('illegal_email_address', {addr => $login});
             is_available_username($login)
               || ThrowUserError('account_exists', {email => $login});
 
-            trick_taint($login);
             push(@changedFields, 'login_name');
             push(@values, $login);
             $logoutNeeded = 1;
@@ -280,9 +279,8 @@ if ($action eq 'search') {
             push(@values, $realname);
         }
         if ($password) {
-            # Validate, then trick_taint.
+            # Validating untaints for us.
             validate_password($password) if $password;
-            trick_taint($password);
             push(@changedFields, 'cryptpassword');
             push(@values, bz_crypt($password));
             $logoutNeeded = 1;
@@ -296,7 +294,6 @@ if ($action eq 'search') {
             $logoutNeeded = 1;
         }
         if ($disable_mail != $otherUser->email_disabled) {
-            trick_taint($disable_mail);
             push(@changedFields, 'disable_mail');
             push(@values, $disable_mail);
         }