Closed Bug 251484 Opened 20 years ago Closed 20 years ago

taint error on series create when creating a new product

Categories

(Bugzilla :: Administration, task)

2.18
PowerPC
macOS
task
Not set
normal


RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: justdave, Assigned: bugreport)


Attachments

(1 file, 2 obsolete files)

Bugzilla Version 2.18rc1

Adding new product

Software error:

Insecure dependency in parameter 1 of DBI::db=HASH(0x9280a9c)->do method call
while running with -T switch at Bugzilla/Series.pm line 183.
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
Attached patch Detaint query and name (obsolete) — Splinter Review
Assignee: justdave → bugreport
Status: NEW → ASSIGNED
Attachment #153239 - Flags: review?
Attached patch detaint at source (obsolete) — Splinter Review
Attachment #153239 - Attachment is obsolete: true
Attachment #153239 - Flags: review?
Attachment #153240 - Flags: review?
Comment on attachment 153240 [details] [diff] [review]
detaint at source

Hmm. Weird. Why are we trick_tainting $product so late? Shouldn't it be done
right after we verify the product with TestProduct? 

Also, what ensures open_name is really safe?  It comes from a form variable,
and apparently, straight from it..
Both of those go straight into strings that get dbh->quoted and written.

product is also coming from a bug form.
There's actually a similar problem on normal series create; I've fixed it as
part of my patch for the series group controls.

Gerv
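The "Insecure dependency" failure in the report and the review question above about open_name and product are the same issue seen from two sides: under -T, form input is tainted, taint survives concatenation and $dbh->quote(), and DBI refuses the final statement. The script below is an added example, not Bugzilla's code, that reproduces the failure against an in-memory database and contrasts detainting at the source (a validating regex capture) with a trick_taint-style launder that removes the taint without validating. It assumes DBI and DBD::SQLite are installed and that the handle is opened with DBI's Taint attribute, as the reported error implies; the table, column names, and the allow-list regex are made up for the demonstration.

```perl
#!/usr/bin/perl -T
# Added example, not Bugzilla code. Run as: perl -T taint_demo.pl 'My Product'
# Assumes DBI and DBD::SQLite; table/column names are invented for the demo.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Under -T every value from @ARGV, %ENV, STDIN or a CGI form is tainted,
# and taint propagates through interpolation, concatenation and quote().
my $form_product = shift @ARGV;
defined $form_product or die "usage: perl -T $0 <product name>\n";

# Taint => 1 makes DBI check its arguments, which is what produces
# "Insecure dependency in parameter 1 of DBI::db=HASH(...)->do method call".
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, Taint => 1 });
$dbh->do('CREATE TABLE series (name TEXT NOT NULL, query TEXT NOT NULL)');

# Detaint at the source: the regex capture is what removes the taint, so the
# regex must also be the validation. Assumed allow-list for this example:
# 1-64 printable ASCII characters, so no control characters or newlines.
sub detaint_name {
    my ($value) = @_;
    return undef unless defined $value && $value =~ /^([\x20-\x7e]{1,64})$/;
    return $1;                         # captured text is untainted
}

# Stand-in for a trick_taint-style launder: it matches anything, so it only
# removes the taint flag. Acceptable only after the value has been verified
# some other way (e.g. looked up in the products table), and the call site
# should carry a comment saying why.
sub launder {
    my ($value) = @_;
    return $value =~ /^(.*)$/s ? $1 : undef;
}

sub insert_series {
    my ($db, $name, $query) = @_;
    my $sql = 'INSERT INTO series (name, query) VALUES ('
            . $db->quote($name) . ', ' . $db->quote($query) . ')';
    return $db->do($sql);              # dies here if $sql is still tainted
}

my $query = "product=$form_product&bug_status=NEW";   # tainted by interpolation
printf "form value tainted: %d, quoted value still tainted: %d\n",
       tainted($form_product) ? 1 : 0, tainted($dbh->quote($form_product)) ? 1 : 0;

# 1. What the report shows: quoting does not help, ->do refuses the statement.
eval { insert_series($dbh, $form_product, $query); 1 }
    or print "as reported: $@";

# 2. Detaint at the source; everything derived from the clean value is clean.
my $product = detaint_name($form_product)
    or die "invalid product name\n";
my $clean_query = "product=$product&bug_status=NEW";
insert_series($dbh, $product, $clean_query);
print "inserted after validating detaint\n";

# 3. Laundering alone removes the taint but rejects nothing.
my $laundered = launder($form_product);
printf "laundered value tainted: %d (no validation performed)\n",
       tainted($laundered) ? 1 : 0;

my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM series');
print "rows in series: $count\n";
```

Quoting protects the SQL from injection but leaves the taint flag in place, which is why the reviewer asks what makes open_name safe rather than whether it is quoted. The first run path shows the error text from the report; the second shows that once the input is validated at the point it enters the code, nothing built from it needs further laundering.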
I've also seen the same error when trying to update a product with a new
votestoconfirm. Is that a different bug?

Gerv
(In reply to comment #6)
> I've also seen the same error when trying to update a product with a new
> votestoconfirm. Is that a different bug?

I think that the vote field taint issues were fixed in bug #250265
Comment on attachment 153240 [details] [diff] [review]
detaint at source

We need a comment here explaining why trick_taint is okay to use here.
Attachment #153240 - Flags: review? → review-
Attached patch includes comment — Splinter Review
Attachment #153240 - Attachment is obsolete: true
Attachment #153474 - Flags: review?(justdave)
Comment on attachment 153474 [details] [diff] [review]
includes comment

Looks good. Fix your spelling mistake on checkin :)
Attachment #153474 - Flags: review?(justdave) → review+
Flags: approval2.18+
Flags: approval+
checked in on both branches
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
*** Bug 264083 has been marked as a duplicate of this bug. ***
*** Bug 273341 has been marked as a duplicate of this bug. ***
QA Contact: matty_is_a_geek → default-qa