Commit 7b70d6c5, authored May 31, 2006 by mkanat%bugzilla.org
Bug 338573: Auth could throw an insecure dependency error if username is tainted
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Parent: ee385c93
Showing 1 changed file with 6 additions and 0 deletions
Bugzilla/Auth/Verify.pm
...
...
@@ -106,10 +106,16 @@ sub create_or_update_user {
validate_email_syntax
(
$username
)
||
return
{
failure
=>
AUTH_ERROR
,
error
=>
'auth_invalid_email'
,
details
=>
{
addr
=>
$username
}
};
# Username is more than likely tainted, but we only use it in a
# placeholder, and we've already validated it, so it's safe.
trick_taint
(
$username
);
$dbh
->
do
(
'UPDATE profiles SET login_name = ? WHERE userid = ?'
,
$username
,
$user
->
id
);
}
if
(
$real_name
&&
$user
->
name
ne
$real_name
)
{
# $real_name is more than likely tainted, but we only use it
# in a placeholder and we never use it after this.
trick_taint
(
$real_name
);
$dbh
->
do
(
'UPDATE profiles SET realname = ? WHERE userid = ?'
,
undef
,
$real_name
,
$user
->
id
);
}
...
...
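Review bot: The login_name update directly after trick_taint($username) passes its bind values immediately after the SQL string, but DBI's do() takes the attribute hash as its second argument, so $username lands in the attribute slot and only $user->id is left to bind against two placeholders. The realname update lower in the same hunk passes undef in that position, and the login_name call should match it: $dbh->do('UPDATE profiles SET login_name = ? WHERE userid = ?', undef, $username, $user->id). Separately, trick_taint() is called on $username and $real_name themselves, so both stay untainted for the rest of the sub. For $username that rests on the validate_email_syntax() check above it, but for $real_name the only safeguard is the "we never use it after this" comment. Untainting a local copy used solely for the bind would make that hold by construction rather than by convention.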