diff options
-rw-r--r-- | Bugzilla/Config.pm | 8 | ||||
-rw-r--r-- | Bugzilla/Config/Common.pm | 5 |
2 files changed, 11 insertions, 2 deletions
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm index 0d61abb7d..5dfe2e37d 100644 --- a/Bugzilla/Config.pm +++ b/Bugzilla/Config.pm @@ -309,7 +309,13 @@ sub read_param_file { } # JSON::XS doesn't detaint data for us. foreach my $key (keys %params) { - trick_taint($params{$key}) if defined $params{$key}; + if (ref($params{$key}) eq "ARRAY") { + foreach my $item (@{$params{$key}}) { + trick_taint($item); + } + } else { + trick_taint($params{$key}) if defined $params{$key}; + } } } elsif ($ENV{'SERVER_SOFTWARE'}) { diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index 6f0c0d470..6e8ae7b61 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -44,7 +44,10 @@ sub check_multi { return ""; } elsif ($param->{'type'} eq 'm' || $param->{'type'} eq 'o') { - foreach my $chkParam (split(',', $value)) { + if (ref($value) ne "ARRAY") { + $value = [split(',', $value)] + } + foreach my $chkParam (@$value) { unless (scalar(grep {$_ eq $chkParam} (@{$param->{'choices'}}))) { return "Invalid choice '$chkParam' for multi-select list param '$param->{'name'}'"; } |