Closed Bug 122418 Opened 21 years ago Closed 21 years ago
setting attachment status fails
Software error: Attempted to send tainted string 'INSERT INTO attachstatuses (attach_id, statusid) VALUES (49, 1)' to the database at globals.pl line 216. For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error. - cvs tip, w/ and w/o the patch to remove the old attachment system. - Administer Attachment Statuses Name Description Sort Key Product Action(s) needstesting needs testing 5 test Edit Delete Create
I can't reproduce this on my tip install, but maybe I'm not doing something taint-related correctly. bbaetz?
OK, got it. We check that the statuses are valid, but don't ever officially detaint them. Patch coming, and taking
Assignee: myk → bbaetz
Severity: major → blocker
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
Comment on attachment 66978 [details] [diff] [review] patch r=gerv. I haven't reproduced the error, but the added code is, at worst, harmless, and if bbaetz says it fixes the problem... Gerv
Comment on attachment 66978 [details] [diff] [review] patch damn. this bit me this morning. r=kiko
*** Bug 123404 has been marked as a duplicate of this bug. ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
I just hit a similar problem, the patch for which I rolled in over in bug 110012. Is it related? --- attachment.cgi 20 Jan 2002 01:44:35 -0000 1.8 +++ attachment.cgi 4 Feb 2002 22:33:59 -0000 @@ -316,7 +316,8 @@ || DisplayError("The attachment number of one of the attachments you wanted to obsolete is invalid.") && exit; - + trick_taint($attachid); + SendSQL("SELECT bug_id, isobsolete, description FROM attachments WHERE attach_id = $attachid"); Gerv
Yeah, but theres a slightly cleaner patch coming up.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Well, its actually a separate problem, but since when has that stopped us?
Oh, and your patch was wrong, because that was the string detainting routine, so you would have allowed arbitrary html....
Comment on attachment 67809 [details] [diff] [review] patch for gerv's issue r=ddk
Comment on attachment 67809 [details] [diff] [review] patch for gerv's issue r= justdave why did this need a 2nd? ;)
Status: REOPENED → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → FIXED
Component: Creating/Changing Bugs → attachment and request management
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.