From 8d5dd5786873437f9fa840679cd94172e8ca30f1 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Thu, 5 Oct 2006 02:47:28 +0000
Subject: Bug 355230: [PostgreSQL] Crash if sharer_id is not an integer - Patch
 by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 buglist.cgi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index d226ec8a8..44565f1af 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -221,8 +221,9 @@ sub LookupNamedQuery {
     $name || ThrowUserError("query_name_missing");
     trick_taint($name);
     if ($sharer_id) {
-        trick_taint($sharer_id);
         $owner_id = $sharer_id;
+        detaint_natural($owner_id);
+        $owner_id || ThrowUserError('illegal_user_id', {'userid' => $sharer_id});
     }
     else {
         $owner_id = $user->id;
-- 
cgit v1.2.3-24-g4f1b