summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Config.pm8
-rw-r--r--Bugzilla/Config/Common.pm5
2 files changed, 11 insertions, 2 deletions
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index 0d61abb7d..5dfe2e37d 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -309,7 +309,13 @@ sub read_param_file {
}
# JSON::XS doesn't detaint data for us.
foreach my $key (keys %params) {
- trick_taint($params{$key}) if defined $params{$key};
+ if (ref($params{$key}) eq "ARRAY") {
+ foreach my $item (@{$params{$key}}) {
+ trick_taint($item);
+ }
+ } else {
+ trick_taint($params{$key}) if defined $params{$key};
+ }
}
}
elsif ($ENV{'SERVER_SOFTWARE'}) {
diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm
index 6f0c0d470..6e8ae7b61 100644
--- a/Bugzilla/Config/Common.pm
+++ b/Bugzilla/Config/Common.pm
@@ -44,7 +44,10 @@ sub check_multi {
return "";
}
elsif ($param->{'type'} eq 'm' || $param->{'type'} eq 'o') {
- foreach my $chkParam (split(',', $value)) {
+ if (ref($value) ne "ARRAY") {
+ $value = [split(',', $value)]
+ }
+ foreach my $chkParam (@$value) {
unless (scalar(grep {$_ eq $chkParam} (@{$param->{'choices'}}))) {
return "Invalid choice '$chkParam' for multi-select list param '$param->{'name'}'";
}