From a4362815ee6e840253a8d42e2bbe4c604f58cd15 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Sat, 6 Feb 2010 18:43:40 +0100
Subject: Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field::get_legal_field_values() r/a=mkanat
---
 Bugzilla/WebService/Bug.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'Bugzilla')
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 16217bb63..711a45f44 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants;
 use Bugzilla::WebService::Util qw(filter validate);
 use Bugzilla::Bug;
 use Bugzilla::BugMail;
-use Bugzilla::Util qw(trim);
+use Bugzilla::Util qw(trick_taint trim);
 use Bugzilla::Version;
 use Bugzilla::Milestone;
 use Bugzilla::Status;
@@ -427,6 +427,8 @@ sub legal_values {
 my $values;
 if (grep($_->name eq $field, @global_selects)) {
+ # The field is a valid one.
+ trick_taint($field);
 $values = get_legal_field_values($field);
 }
 elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {
--
cgit v1.2.3-24-g4f1b
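Review bot: The `trick_taint($field)` call added in `legal_values` is safe only because the enclosing `grep` compares `$field` with `eq` against the names of the known select fields, and the comment `# The field is a valid one.` does not record that dependency. I would spell it out, e.g. `# $field matched a global select field name exactly (eq) above, so untainting it is safe; keep this an exact match.`, so that a later change to the condition does not leave an unconditional untaint behind. Passing the matched field object's own name to `get_legal_field_values` instead would presumably avoid untainting caller-supplied data at all, assuming values loaded from the database are not themselves tainted. The `elsif` branch for `PRODUCT_SPECIFIC_FIELDS` and the rest of `legal_values` lie outside the hunk, so whether `$field` reaches another taint-checked call there cannot be judged from here.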