Closed
Bug 251484
Opened 20 years ago
Closed 20 years ago
taint error on series create when creating a new product
Categories
(Bugzilla :: Administration, task)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: justdave, Assigned: bugreport)
References
Details
Attachments
(1 file, 2 obsolete files)
743 bytes, patch | justdave: review+
Bugzilla Version 2.18rc1
Adding new product
Software error: Insecure dependency in parameter 1 of DBI::db=HASH(0x9280a9c)->do method call while running with -T switch at Bugzilla/Series.pm line 183.
Reporter
Updated•20 years ago
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
Assignee
Comment 1•20 years ago
Assignee: justdave → bugreport
Status: NEW → ASSIGNED
Assignee
Updated•20 years ago
Attachment #153239 -
Flags: review?
Assignee
Comment 2•20 years ago
Attachment #153239 -
Attachment is obsolete: true
Assignee
Updated•20 years ago
Attachment #153239 -
Flags: review?
Assignee
Updated•20 years ago
Attachment #153240 -
Flags: review?
Comment 3•20 years ago
Comment on attachment 153240 [details] [diff] [review] detaint at source Hmm. Weird. Why are we trick_tainting $product so late? Shouldn't it be done right after we verify the product with TestProduct? Also, what ensures open_name is really safe? It comes from a form variable, and apparently, straight from it..
Assignee
Comment 4•20 years ago
Both of those go straight into strings that get dbh->quoted and written. product is also coming from a bug form,
Comment 5•20 years ago
There's actually a similar problem on normal series create; I've fixed it as part of my patch for the series group controls. Gerv
Comment 6•20 years ago
I've also seen the same error when trying to update a product with a new votestoconfirm. Is that a different bug? Gerv
(In reply to comment #6)
> I've also seen the same error when trying to update a product with a new
> votestoconfirm. Is that a different bug?

I think that the vote field taint issues were fixed in bug#250265
Reporter
Comment 8•20 years ago
Comment on attachment 153240 [details] [diff] [review] detaint at source We need a comment here explaining why trick_taint is okay to use here.
Attachment #153240 -
Flags: review? → review-
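The distinction the comments above turn on (escaping a value versus detainting it, and detainting blindly versus at the point of validation), shown as an added Perl example that is not part of this bug or of Bugzilla's code. `do_sql`, `sql_quote`, `blind_detaint`, `validated_product`, the SQL strings and the sample values are hypothetical stand-ins, and `blind_detaint` only assumes what a `trick_taint`-style helper does; run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input: a zero-length slice of a tainted value taints whatever it
# is appended to, standing in for data that arrived in a CGI form.
my $TAINT = substr($^X, 0, 0);
die "run as: perl -T $0\n" unless ${^TAINT} && tainted($TAINT);
my $product   = 'TestProduct' . $TAINT;
my $open_name = "Dave's open bugs" . $TAINT;

# Hypothetical stand-in for do() on a taint-checking DBI handle.
sub do_sql { return tainted($_[0]) ? 'refused: insecure dependency' : 'ran' }

# Hypothetical stand-in for $dbh->quote(): escaping is an ordinary string
# operation, so its result is still tainted.
sub sql_quote {
    (my $escaped = $_[0]) =~ s/'/''/g;
    return "'$escaped'";
}

# Assumed behaviour of a trick_taint-style helper: capturing the whole string
# clears the taint flag without checking the value at all.
sub blind_detaint { my ($all) = $_[0] =~ /^(.*)$/s; return $all }

# Detaint where the value is verified: only names on a known list pass.
my %KNOWN = map { $_ => 1 } ('TestProduct');    # constructed product list
sub validated_product {
    my ($name) = @_;
    return unless exists $KNOWN{$name};
    my ($clean) = $name =~ /^(.*)$/s;    # safe here: $name matched the list
    return $clean;
}

# The SQL text below is elided on purpose; only the taint flag matters here.
my $quoted = sql_quote($open_name);
printf "%-30s %s\n", 'quoted only:', do_sql("INSERT ... VALUES ($quoted)");
printf "%-30s %s\n", 'quoted, then blind detaint:',
    do_sql('INSERT ... VALUES (' . blind_detaint($quoted) . ')');
my $checked = validated_product($product);
printf "%-30s %s\n", 'validated product:', do_sql("SELECT ... '$checked'");
printf "%-30s %s\n", 'unknown product:',
    defined validated_product('Nope' . $TAINT) ? 'accepted' : 'rejected';
```

The second case runs only because the value had already been escaped before the flag was cleared, which is the justification a comment beside such a call has to record.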
Assignee
Comment 9•20 years ago
Attachment #153240 -
Attachment is obsolete: true
Assignee
Updated•20 years ago
Attachment #153474 -
Flags: review?(justdave)
Reporter
Comment 10•20 years ago
Comment on attachment 153474 [details] [diff] [review] includes comment looks good. fix your spelling mistake on checkin :)
Attachment #153474 -
Flags: review?(justdave) → review+
Reporter
Updated•20 years ago
Flags: approval2.18+
Flags: approval+
Assignee
Comment 11•20 years ago
checked in on both branches
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 12•20 years ago
*** Bug 264083 has been marked as a duplicate of this bug. ***
Comment 13•19 years ago
*** Bug 273341 has been marked as a duplicate of this bug. ***
Updated•12 years ago
QA Contact: matty_is_a_geek → default-qa