Skip to content

bugzilla
bugzilla
Commit fbf78711 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 345032: Tainted value in request.cgi when restricting the search to a given…

Bug 345032: Tainted value in request.cgi when restricting the search to a given flag - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=myk
parent 78094dfe
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 3 deletions
Bugzilla/FlagType.pm
View file @ fbf78711
......@@ -461,14 +461,16 @@ sub sqlify_criteria {
my @criteria = ("1=1");
if ($criteria->{name}) {
push(@criteria, "flagtypes.name = " . $dbh->quote($criteria->{name}));
my $name = $dbh->quote($criteria->{name});
trick_taint($name); # Detaint data as we have quoted it.
push(@criteria, "flagtypes.name = $name");
}
if ($criteria->{target_type}) {
# The target type is stored in the database as a one-character string
# ("a" for attachment and "b" for bug), but this function takes complete
# names ("attachment" and "bug") for clarity, so we must convert them.
my $target_type = $dbh->quote(substr($criteria->{target_type}, 0, 1));
push(@criteria, "flagtypes.target_type = $target_type");
my $target_type = $criteria->{target_type} eq 'bug'? 'b' : 'a';
push(@criteria, "flagtypes.target_type = '$target_type'");
}
if (exists($criteria->{is_active})) {
my $is_active = $criteria->{is_active} ? "1" : "0";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment