From 301eb1deabcbab02c7f6673635d1835912e7bd94 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <>
Date: Sat, 17 Jul 2004 08:55:37 +0000
Subject: Bug 251484: Fix taint error on series create when creating a new product r=justdave a=justdave
---
 editproducts.cgi | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'editproducts.cgi')
diff --git a/editproducts.cgi b/editproducts.cgi
index f41aaa9e5..c539465af 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -397,6 +397,11 @@ if ($action eq 'new') {
 # Insert default charting queries for this product.
 # If they aren't using charting, this won't do any harm.
 GetVersionTable();
+
+ # $::FORM{'open_name'} and $product are sqlquoted by the series
+ # code and never used again here, so we can trick_taint them.
+ trick_taint($::FORM{'open_name'});
+ trick_taint($product);
 my @series;
-- 
cgit v1.2.3-24-g4f1b
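Review bot: The two `trick_taint` calls untaint `$::FORM{'open_name'}` and `$product` in place and without any validation, so for the rest of the request both values pass Perl's taint checks everywhere, not only inside the series code. The justification given in the added comment (the series code SQL-quotes them, and they are never used again here) rests on code outside this hunk, because the `if ($action eq 'new')` block starts before and continues past the shown lines; a later edit that passes either value to a file path, a command or an unquoted query would no longer be caught. Untainting scoped copies would keep the originals tainted, e.g. `my $series_product = $product;` followed by `trick_taint($series_product);`, with only the copies handed to the series creation code. If the in-place form stays, the comment should name the routine that does the quoting, so the assumption can be re-checked when that code changes.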