From f67f57a7b01c0284dffbd90c93d8bc079266389b Mon Sep 17 00:00:00 2001
From: "jocuri%softhome.net" <>
Date: Wed, 16 Jun 2004 20:45:37 +0000
Subject: Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron Jones (glob) ; r=vladd; a=justdave.
---
 editmilestones.cgi | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'editmilestones.cgi')
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5100577ee..e9ec0ed92 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
 products WRITE");
 if ($sortkey != $sortkeyold) {
+ if (!detaint_natural($sortkey)) {
+ print "The sortkey for a milestone must be a number. Please press\n";
+ print "Back and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
 SendSQL("UPDATE milestones SET sortkey=$sortkey WHERE product_id=" . $product_id . " AND value=" . SqlQuote($milestoneold));
-- cgit v1.2.3-24-g4f1b
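Review bot: The added `detaint_natural($sortkey)` check sits after the `products WRITE");` context line, which looks like the tail of a table-lock statement, so the early `exit` in the failure branch presumably leaves the script with the lock still held. The `if ($action eq 'update')` block starts and ends outside the hunk, so whether the lock is released elsewhere cannot be seen here. Validating the sortkey before the lock is taken would avoid this, as would releasing the lock ahead of `PutTrailer($localtrailer); exit;`. Since this check is the only thing between the form value and the unquoted `sortkey=$sortkey` in the UPDATE, a comment such as `# $sortkey is interpolated unquoted into the UPDATE below; it must pass detaint_natural first` would keep a later edit from moving or dropping it. If `detaint_natural` accepts only non-negative integers, as its name suggests, the message "must be a number" is broader than the check and could say "a non-negative integer" instead.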