Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-x | editproducts.cgi | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index 1782a74b8..c36537c22 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -337,8 +337,15 @@ if ($action eq 'new') {
 SqlQuote($product) . "," .
 SqlQuote($description) . "," .
 SqlQuote($milestoneurl) . "," .
- $disallownew . "," .
- "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
+ # had tainting issues under cygwin, IIS 5.0, perl -T %s %s
+ # see bug 208647. http://bugzilla.mozilla.org/show_bug.cgi?id=208647
+ # had to de-taint $disallownew, $votesperuser, $maxvotesperbug,
+ # and $votestoconfirm w/ SqlQuote()
+ # - jpyeron@pyerotechnics.com
+ SqlQuote($disallownew) . "," .
+ SqlQuote($votesperuser) . "," .
+ SqlQuote($maxvotesperbug) . "," .
+ SqlQuote($votestoconfirm) . "," .
 SqlQuote($defaultmilestone) . ")");
 SendSQL("SELECT LAST_INSERT_ID()");
 my $product_id = FetchOneColumn();
|
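Review bot: Wrapping `$disallownew`, `$votesperuser`, `$maxvotesperbug` and `$votestoconfirm` in `SqlQuote()` clears the taint flag and escapes the values, but it does not check that they are the integers the INSERT expects. A non-numeric form value would now be sent as a quoted string and left to the database to coerce. Where these variables are assigned is outside the hunk, so this is only a concern if they are not validated earlier; if they are not, each should be checked with an anchored pattern before the statement is built, e.g. `($votesperuser) = $votesperuser =~ /\A(\d+)\z/ or die "votesperuser must be a non-negative integer";`, which validates and untaints in one step. The added comment could also be reduced to one line, `# SqlQuote() also untaints these values under perl -T (bug 208647)`, dropping the stray `%s %s` and the author address, which belong in the commit message. The enclosing `SendSQL(...)` call begins above the hunk.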