Bug 853314: unable to edit bugzilla push options - insecure dependency

author: Byron Jones <bjones@mozilla.com> 2013-03-21 06:09:12 +0100
committer: Byron Jones <bjones@mozilla.com> 2013-03-21 06:09:12 +0100
commit: 39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1 (patch)
tree: 16341dbdac3ae9a8c2fdeceeaf28a0a247b028ab /extensions/Push/lib
parent: 4025fe8be55ed10613cf528bf698084415f8cb85 (diff)
download: bugzilla-39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1.tar.gz
bugzilla-39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1.tar.xz
5 files changed, 18 insertions, 1 deletions
diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index d7df25c09..f579409bd 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -13,7 +13,7 @@ use warnings;
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
-use Bugzilla::Util qw(trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural trick_taint);
 
 use base qw(Exporter);
 our @EXPORT = qw(
@@ -67,6 +67,7 @@ sub _update_config_from_form {
     # update
     foreach my $option ($config->options) {
         my $option_name = $option->{name};
+        trick_taint($values->{$option_name});
         $config->{$option_name} = $values->{$option_name};
     }
     $config->update();
diff --git a/extensions/Push/lib/BacklogMessage.pm b/extensions/Push/lib/BacklogMessage.pm
index f9496fa24..8f5263038 100644
--- a/extensions/Push/lib/BacklogMessage.pm
+++ b/extensions/Push/lib/BacklogMessage.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
diff --git a/extensions/Push/lib/Backoff.pm b/extensions/Push/lib/Backoff.pm
index bc302a2a9..c0ea15a59 100644
--- a/extensions/Push/lib/Backoff.pm
+++ b/extensions/Push/lib/Backoff.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Util;
 
diff --git a/extensions/Push/lib/LogEntry.pm b/extensions/Push/lib/LogEntry.pm
index b883ee095..303c19da4 100644
--- a/extensions/Push/lib/LogEntry.pm
+++ b/extensions/Push/lib/LogEntry.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Constants;
diff --git a/extensions/Push/lib/Message.pm b/extensions/Push/lib/Message.pm
index 3d112a2e1..ebe32d0ea 100644
--- a/extensions/Push/lib/Message.pm
+++ b/extensions/Push/lib/Message.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
author	Byron Jones <bjones@mozilla.com>	2013-03-21 06:09:12 +0100
committer	Byron Jones <bjones@mozilla.com>	2013-03-21 06:09:12 +0100
commit	39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1 (patch)
tree	16341dbdac3ae9a8c2fdeceeaf28a0a247b028ab /extensions/Push/lib
parent	4025fe8be55ed10613cf528bf698084415f8cb85 (diff)
download	bugzilla-39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1.tar.gz bugzilla-39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1.tar.xz