From 4e6767d4c3d1b0b583f4ec076992345545294748 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Sun, 20 Jan 2002 09:44:34 +0000
Subject: Fix for bug 108982: enable taint mode for all user-facing CGI files. Patch by Brad Baetz r= jake, justdave
---
 showvotes.cgi | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'showvotes.cgi')
diff --git a/showvotes.cgi b/showvotes.cgi
index a6928bf84..6ed4bb8e4 100755
--- a/showvotes.cgi
+++ b/showvotes.cgi
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -25,6 +25,8 @@
 use diagnostics;
 use strict;
 
+use lib qw(.);
+
 require "CGI.pl";
 
 ConnectToDatabase();
@@ -61,7 +63,7 @@ if (defined $::FORM{'voteon'}) {
 # Make sure the user ID is a positive integer representing an existing user.
 if (defined $::FORM{'user'}) {
-    $::FORM{'user'} =~ /^([1-9][0-9]*)$/
+    detaint_natural($::FORM{'user'})
       || DisplayError("The user number is invalid.") && exit;
     SendSQL("SELECT 1 FROM profiles WHERE userid = $::FORM{'user'}");
-- 
cgit v1.2.3-24-g4f1b
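Review bot: The added `use lib qw(.);` carries no comment saying why it is needed now that the script runs under -T, and `.` is the process's current working directory rather than the directory the script lives in, so `require "CGI.pl"` on the following line resolves relative to wherever the web server starts the CGI. If the motivation is that taint mode ignores PERL5LIB/PERLLIB, say so: `# -T ignores PERL5LIB/PERLLIB; search the working directory (the Bugzilla root) for CGI.pl explicitly.` A reader checking library-path hijacking under taint mode will otherwise have to guess at the reason for a relative @INC entry. This hunk is top-level code, so no enclosing block is cut.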
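Review bot: The new guard's semantics differ from the pattern it replaces and the comment above it is not updated: `/^([1-9][0-9]*)$/` rejected `0` and leading zeros, whereas `detaint_natural` (defined outside this file, so its exact rule is not visible here) presumably accepts any digit string, so a `user` value of `0` now reaches the `SELECT 1 FROM profiles` query on the next line. That query is only safe because `$::FORM{'user'}` is interpolated straight into SQL after `detaint_natural` has both validated and untainted it in place (it receives the hash element by alias through `@_`); that dependency deserves a comment, e.g. `# detaint_natural() must untaint $::FORM{'user'} in place: it is interpolated into SQL below.` The pre-existing continuation `|| DisplayError(...) && exit;` also only exits when DisplayError returns true, since `&&` binds tighter than `||`; `DisplayError("The user number is invalid."); exit;` inside an `unless (detaint_natural($::FORM{'user'}))` block would not depend on that return value. The enclosing `if (defined $::FORM{'user'})` block ends outside the hunk.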