From f30aa492d193a0489fb0480c451f092ec819bbac Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 23 Oct 2009 15:37:40 +0000
Subject: Bug 523869: Insecure dependency error when trying to update some
 fields (problem with multi-select custom fields) - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r/a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Bug.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 98547cd95..326c9d84d 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3709,6 +3709,11 @@ sub AUTOLOAD {
       $self->{_multi_selects} ||= [Bugzilla->get_fields(
           {custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
       if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+          # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+          # which taints $attr at this point. trick_taint() can go
+          # away once we require 5.10.1 or newer.
+          trick_taint($attr);
+
           $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
               "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
               undef, $self->id);
-- 
cgit v1.2.3-24-g4f1b