Bug 122418: setting attachment status fails
Closed. Opened 23 years ago, closed 23 years ago.
Categories: Bugzilla :: Attachments & Requests, defect, P1
Tracking: RESOLVED FIXED, Bugzilla 2.16
People: Reporter: timeless, Assigned: bbaetz
Attachments (2 files):
576 bytes, patch (gerv: review+, kiko: review+)
695 bytes, patch (ddkilzer: review+, justdave: review+)
Software error:
Attempted to send tainted string 'INSERT INTO attachstatuses (attach_id, statusid) VALUES (49, 1)' to the database at globals.pl line 216.
For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error.

- cvs tip, w/ and w/o the patch to remove the old attachment system.
- Administer Attachment Statuses

Name | Description | Sort Key | Product | Action(s)
needstesting | needs testing | 5 | test | Edit Delete

Create
Comment 1 • 23 years ago
I can't reproduce this on my tip install, but maybe I'm not doing something taint-related correctly. bbaetz?
Comment 2 (Assignee) • 23 years ago
OK, got it. We check that the statuses are valid, but don't ever officially detaint them. Patch coming, and taking
Assignee: myk → bbaetz
Severity: major → blocker
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
Comment 3 (Assignee) • 23 years ago
Comment 4 • 23 years ago
Comment on attachment 66978 (patch)
r=gerv. I haven't reproduced the error, but the added code is, at worst, harmless, and if bbaetz says it fixes the problem...
Gerv
Attachment #66978 - Flags: review+
Comment 5 • 23 years ago
Comment on attachment 66978 (patch)
damn. this bit me this morning.
r=kiko
Attachment #66978 - Flags: review+
Comment 6 • 23 years ago
*** Bug 123404 has been marked as a duplicate of this bug. ***
Comment 7 (Assignee) • 23 years ago
Checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 8 • 23 years ago
I just hit a similar problem, the patch for which I rolled in over in bug 110012. Is it related? --- attachment.cgi 20 Jan 2002 01:44:35 -0000 1.8 +++ attachment.cgi 4 Feb 2002 22:33:59 -0000 @@ -316,7 +316,8 @@ || DisplayError("The attachment number of one of the attachments you wanted to obsolete is invalid.") && exit; - + trick_taint($attachid); + SendSQL("SELECT bug_id, isobsolete, description FROM attachments WHERE attach_id = $attachid"); Gerv
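Review bot: The added trick_taint($attachid) is called with no pattern or type, so as far as this hunk shows it clears the taint flag without constraining the value, and the next line interpolates $attachid straight into the SELECT passed to SendSQL. Only the tail of the preceding validity check is visible (the DisplayError(...) && exit branch), so nothing here guarantees that $attachid is digits-only at the point where it is untainted. Detaint it through a numeric pattern match so that the untaint enforces the constraint itself, or add a comment naming the check that makes an unconditional untaint safe here.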
Comment 9 (Assignee) • 23 years ago
Yeah, but there's a slightly cleaner patch coming up.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 10 (Assignee) • 23 years ago
Well, it's actually a separate problem, but since when has that stopped us?
Comment 11 (Assignee) • 23 years ago
Oh, and your patch was wrong, because that was the string detainting routine, so you would have allowed arbitrary html....
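Added illustration, not part of the thread and not Bugzilla's code: under Perl's taint mode a value that passes a validity check is still tainted (the situation described in Comment 2), and a detaint that matches digits only both checks and untaints it (the concern behind Comment 11). The helpers send_sql, try_send and detaint_digits are hypothetical, and all values are constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string (constructed): appending it marks a test value
# as tainted, the way CGI form input is under -T.
my $TAINT = substr($^X, 0, 0);

# Hypothetical stand-in for a SendSQL()-style guard: refuse tainted SQL.
sub send_sql {
    my ($sql) = @_;
    die "Attempted to send tainted string '$sql' to the database\n"
        if tainted($sql);
    return "sent: $sql";
}

# Run send_sql() and return its result or the error text.
sub try_send {
    my ($sql) = @_;
    my $result = eval { send_sql($sql) };
    return $result if defined $result;
    chomp(my $err = $@);
    return "refused: $err";
}

# Hypothetical digits-only detaint: Perl untaints only regex captures, so
# the pattern is both the validity check and the untaint.
sub detaint_digits {
    my ($value) = @_;
    return $1 if $value =~ /^(\d+)$/;
    return;
}

my @valid_statuses = (1, 2);      # constructed status ids
my $statusid = "1" . $TAINT;      # constructed form value
my $insert = "INSERT INTO attachstatuses (attach_id, statusid) VALUES (49, %s)";

# 1. The membership check passes, yet the value stays tainted.
my $is_valid = grep { $_ eq $statusid } @valid_statuses;
print "valid=$is_valid tainted=", (tainted($statusid) ? 1 : 0), "\n";
# 2. Formatting the tainted value in taints the whole statement: refused.
print try_send(sprintf($insert, $statusid)), "\n";
# 3. After the digits-only detaint the same statement is accepted.
my $clean = detaint_digits($statusid);
print try_send(sprintf($insert, $clean)), "\n";
# 4. A non-numeric value (constructed) is rejected rather than untainted.
my $bad = detaint_digits("49abc" . $TAINT);
print defined $bad ? "accepted\n" : "rejected: not a number\n";
```

Run it with `perl -T` on the command line; without taint mode `tainted()` is always false and every statement is accepted.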
Comment 12 • 23 years ago
Comment on attachment 67809 (patch for gerv's issue)
r=ddk
Attachment #67809 - Flags: review+
Comment 13 • 23 years ago
Comment on attachment 67809 (patch for gerv's issue)
r=justdave
why did this need a 2nd? ;)
Attachment #67809 - Flags: review+
Comment 14 (Assignee) • 23 years ago
Checked in
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Component: Creating/Changing Bugs → attachment and request management
Updated • 12 years ago
QA Contact: matty_is_a_geek → default-qa