From 37dc5c7799eb5a6d7385f6fda76bb96747979a09 Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Fri, 27 Sep 2002 06:25:11 +0000
Subject: Bug 170986 - General Summary reports don't work with taint checking.
 Also fixes Throw*Error's $extra_vars parameter. Patch by gerv; r=bbaetz.

---
 globals.pl | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'globals.pl')

diff --git a/globals.pl b/globals.pl
index 64031bc85..a6a751562 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1637,6 +1637,8 @@ sub GetFormat {
     # Security - allow letters and a hyphen only
     $ctype =~ s/[^a-zA-Z\-]//g;
     $format =~ s/[^a-zA-Z\-]//g;
+    trick_taint($ctype);
+    trick_taint($format);
     
     $template .= ($format ? "-$format" : "");
     $template .= ".$ctype.tmpl";
-- 
cgit v1.2.3-24-g4f1b