From c2f38f17cfa3aad8a13ee6eb02944b52d9e79037 Mon Sep 17 00:00:00 2001
From: "olav%bkor.dhs.org" <>
Date: Fri, 20 Oct 2006 23:56:25 +0000
Subject: Bug 357005: 'cf_' should not be allowed as a custom field name Patch
 by Olav Vitters <olav@bkor.dhs.org> r=LpSolit a=myk

---
 editfields.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'editfields.cgi')

diff --git a/editfields.cgi b/editfields.cgi
index a77aafe77..f7a059016 100644
--- a/editfields.cgi
+++ b/editfields.cgi
@@ -63,8 +63,8 @@ elsif ($action eq 'new') {
     # Validate these fields.
     $name || ThrowUserError('customfield_missing_name');
     # Don't want to allow a name that might mess up SQL.
-    $name =~ /^\w+$/ || ThrowUserError('customfield_invalid_name',
-                                       { name => $name });
+    $name =~ /^\w+$/ && $name ne "cf_"
+      || ThrowUserError('customfield_invalid_name', { name => $name });
     # Prepend cf_ to the custom field name to distinguish it from standard fields.
     if ($name !~ /^cf_/) {
         $name = 'cf_' . $name;
-- 
cgit v1.2.3-24-g4f1b