Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
c50567b3
Commit
c50567b3
authored
Jul 09, 2004
by
timeless%mozdev.org
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 242405 Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
patch by bugzilla@glob.com.au r=joel a=justdave
parent
3bbd08a2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
7 deletions
+15
-7
Series.pm
Bugzilla/Series.pm
+0
-1
editcomponents.cgi
editcomponents.cgi
+15
-6
No files found.
Bugzilla/Series.pm
View file @
c50567b3
...
...
@@ -180,7 +180,6 @@ sub writeToDatabase {
}
else
{
# Insert the new series into the series table
trick_taint
(
$self
->
{
'query'
});
$dbh
->
do
(
"INSERT INTO series (creator, category, subcategory, "
.
"name, frequency, query) VALUES ($self->{'creator'}, "
.
"$category_id, $subcategory_id, "
.
...
...
editcomponents.cgi
View file @
c50567b3
...
...
@@ -46,7 +46,7 @@ sub sillyness {
my
$dobugcounts
=
(
defined
$::FORM
{
'dobugcounts'
});
my
$cgi
=
Bugzilla
->
cgi
;
# TestProduct: just returns if the specified product does exists
# CheckProduct: same check, optionally emit an error text
...
...
@@ -458,12 +458,21 @@ if ($action eq 'new') {
# For localisation reasons, we get the title of the queries from the
# submitted form.
my
$open_name
=
$cgi
->
param
(
'open_name'
);
my
$closed_name
=
$cgi
->
param
(
'closed_name'
);
my
@openedstatuses
=
(
"UNCONFIRMED"
,
"NEW"
,
"ASSIGNED"
,
"REOPENED"
);
my
$statuses
=
join
(
"&"
,
map
{
"bug_status=$_"
}
@openedstatuses
);
push
(
@series
,
[
$::FORM
{
'open_name'
},
$statuses
.
$prodcomp
]);
my
$resolved
=
"field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---"
;
push
(
@series
,
[
$::FORM
{
'closed_name'
},
$resolved
.
$prodcomp
]);
my
$statuses
=
join
(
"&"
,
map
{
"bug_status=$_"
}
@openedstatuses
)
.
$prodcomp
;
my
$resolved
=
"field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---"
.
$prodcomp
;
# trick_taint is ok here, as these variables aren't used as a command
# or in SQL unquoted
trick_taint
(
$open_name
);
trick_taint
(
$closed_name
);
trick_taint
(
$statuses
);
trick_taint
(
$resolved
);
push
(
@series
,
[
$open_name
,
$statuses
]);
push
(
@series
,
[
$closed_name
,
$resolved
]);
foreach
my
$sdata
(
@series
)
{
my
$series
=
new
Bugzilla::
Series
(
undef
,
$product
,
$component
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment