From 39f125ca3b0dcd3e1d7318de2e193e4335a4b9a1 Mon Sep 17 00:00:00 2001
From: Byron Jones <bjones@mozilla.com>
Date: Thu, 21 Mar 2013 13:09:12 +0800
Subject: Bug 853314: unable to edit bugzilla push options - insecure
 dependency

---
 extensions/Push/lib/Admin.pm          | 3 ++-
 extensions/Push/lib/BacklogMessage.pm | 4 ++++
 extensions/Push/lib/Backoff.pm        | 4 ++++
 extensions/Push/lib/LogEntry.pm       | 4 ++++
 extensions/Push/lib/Message.pm        | 4 ++++
 5 files changed, 18 insertions(+), 1 deletion(-)

(limited to 'extensions/Push/lib')

diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index d7df25c09..f579409bd 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -13,7 +13,7 @@ use warnings;
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
-use Bugzilla::Util qw(trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural trick_taint);
 
 use base qw(Exporter);
 our @EXPORT = qw(
@@ -67,6 +67,7 @@ sub _update_config_from_form {
     # update
     foreach my $option ($config->options) {
         my $option_name = $option->{name};
+        trick_taint($values->{$option_name});
         $config->{$option_name} = $values->{$option_name};
     }
     $config->update();
diff --git a/extensions/Push/lib/BacklogMessage.pm b/extensions/Push/lib/BacklogMessage.pm
index f9496fa24..8f5263038 100644
--- a/extensions/Push/lib/BacklogMessage.pm
+++ b/extensions/Push/lib/BacklogMessage.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
diff --git a/extensions/Push/lib/Backoff.pm b/extensions/Push/lib/Backoff.pm
index bc302a2a9..c0ea15a59 100644
--- a/extensions/Push/lib/Backoff.pm
+++ b/extensions/Push/lib/Backoff.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Util;
 
diff --git a/extensions/Push/lib/LogEntry.pm b/extensions/Push/lib/LogEntry.pm
index b883ee095..303c19da4 100644
--- a/extensions/Push/lib/LogEntry.pm
+++ b/extensions/Push/lib/LogEntry.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Constants;
diff --git a/extensions/Push/lib/Message.pm b/extensions/Push/lib/Message.pm
index 3d112a2e1..ebe32d0ea 100644
--- a/extensions/Push/lib/Message.pm
+++ b/extensions/Push/lib/Message.pm
@@ -12,6 +12,10 @@ use warnings;
 
 use base 'Bugzilla::Object';
 
+use constant AUDIT_CREATES => 0;
+use constant AUDIT_UPDATES => 0;
+use constant AUDIT_REMOVES => 0;
+
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
-- 
cgit v1.2.3-24-g4f1b