Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by…

Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd; a=justdave.

Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by…
f67f57a7 · jocuri%softhome.net · 0bd25a01 · f67f57a7
Commit f67f57a7 authored Jun 16, 2004 by jocuri%softhome.net
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

editmilestones.cgi editmilestones.cgi +6 -0

No files found.
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
                         products WRITE");

    if ($sortkey != $sortkeyold) {
+        if (!detaint_natural($sortkey)) {
+            print "The sortkey for a milestone must be a number. Please press\n";
+            print "<b>Back</b> and try again.\n";
+            PutTrailer($localtrailer);
+            exit;
+        }
        SendSQL("UPDATE milestones SET sortkey=$sortkey
                 WHERE product_id=" . $product_id . "
                   AND value=" . SqlQuote($milestoneold));