From 4e6767d4c3d1b0b583f4ec076992345545294748 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Sun, 20 Jan 2002 09:44:34 +0000
Subject: Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz r= jake, justdave
---
 Bugzilla/Attachment.pm | 1 -
 Bugzilla/Bug.pm | 11 ++++++-----
 Bugzilla/Token.pm | 1 -
 3 files changed, 6 insertions(+), 7 deletions(-)
(limited to 'Bugzilla')
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 1ba194d77..acfa52f63 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -1,4 +1,3 @@
-#!/usr/bonsaitools/bin/perl -w
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 670b274eb..96ff0b8af 100755
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1,4 +1,3 @@
-#!/usr/bonsaitools/bin/perl -w
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -75,10 +74,12 @@ sub initBug {
 my $self = shift();
 my ($bug_id, $user_id) = (@_);
-
- if ( (! defined $bug_id) || (!$bug_id) ) {
- # no bug number given
- return {};
+ my $old_bug_id = $bug_id;
+ if ((! defined $bug_id) || (!$bug_id) || (!&::detaint_natural($bug_id))) {
+ # no bug number given
+ $self->{'bug_id'} = $old_bug_id;
+ $self->{'error'} = "InvalidBugId";
+ return $self;
 }
 # default userid 0, or get DBID if you used an email address
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 185884c98..f2c5fbde7 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -1,4 +1,3 @@
-#!/usr/bonsaitools/bin/perl -w
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
--
cgit v1.2.3-24-g4f1b
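Review bot: On the rejection path in initBug, `$self->{'bug_id'} = $old_bug_id;` stores the caller-supplied value exactly as received, so when the id failed `detaint_natural` the object carries an unvalidated (and still tainted) string. Taint mode does not treat printing as a sink, so any code that renders `bug_id` from an object whose `error` is `InvalidBugId` has to escape it for its output format; those consumers are outside this hunk, so this is worth confirming. I would state that at the assignment, e.g. `# raw request value, not validated: escape before output, never use in SQL`, and replace the now-stale `# no bug number given` with `# missing, zero or not a natural number`. The copy into `$old_bug_id` presumably exists because `detaint_natural` rewrites its argument, which would also merit a word in the comment. initBug's body continues past the end of the hunk.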