summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Bugzilla/User.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 4d4787525..f87f021b9 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1013,10 +1013,11 @@ sub is_available_username ($;$) {
sub login_to_id ($) {
my ($login) = (@_);
my $dbh = Bugzilla->dbh;
+ # $login will only be used by the following SELECT statement, so it's safe.
+ trick_taint($login);
my $user_id = $dbh->selectrow_array(
"SELECT userid FROM profiles WHERE login_name = ?", undef, $login);
- # $user_id should be a positive integer, this makes Taint mode happy
- if (defined $user_id && detaint_natural($user_id)) {
+ if ($user_id) {
return $user_id;
} else {
return 0;
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2025-01-02 22:36:50 +0100