Closed Bug 122418 Opened 21 years ago Closed 21 years ago

setting attachment status fails

Categories

(Bugzilla :: Attachments & Requests, defect, P1)

2.15
x86
Linux
defect

Tracking

()

RESOLVED FIXED
Bugzilla 2.16

People

(Reporter: timeless, Assigned: bbaetz)

References

Details

Attachments

(2 files)

Software error:
Attempted to send tainted string 'INSERT INTO attachstatuses (attach_id, statusid) VALUES (49, 1)' to the database at globals.pl line 216.

For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error.
-

cvs tip, w/ and w/o the patch to remove the old attachment system.
-
Administer Attachment Statuses
 
Name Description Sort Key Product Action(s)
needstesting needs testing 5 test Edit Delete
Create
I can't reproduce this on my tip install, but maybe I'm not doing something
taint-related correctly.  bbaetz?
OK, got it. We check that the statuses are valid, but don't ever officially
detaint them. Patch coming, and taking
Assignee: myk → bbaetz
Severity: major → blocker
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
Attached patch patchSplinter Review
Comment on attachment 66978 [details] [diff] [review]
patch

r=gerv. I haven't reproduced the error, but the added code is, at worst,
harmless, and if bbaetz says it fixes the problem...

Gerv
Attachment #66978 - Flags: review+
Keywords: review
Comment on attachment 66978 [details] [diff] [review]
patch

damn. this bit me this morning. r=kiko
Attachment #66978 - Flags: review+
*** Bug 123404 has been marked as a duplicate of this bug. ***
Checked in.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
I just hit a similar problem, the patch for which I rolled in over in bug
110012. Is it related?

--- attachment.cgi	20 Jan 2002 01:44:35 -0000	1.8
+++ attachment.cgi	4 Feb 2002 22:33:59 -0000
@@ -316,7 +316,8 @@
       || DisplayError("The attachment number of one of the attachments 
            you wanted to obsolete is invalid.") 
         && exit;
-  
+    trick_taint($attachid);
+    
     SendSQL("SELECT bug_id, isobsolete, description 
              FROM attachments WHERE attach_id = $attachid");
 

Gerv
Yeah, but theres a slightly cleaner patch coming up.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Well, its actually a separate problem, but since when has that stopped us?
Oh, and your patch was wrong, because that was the string detainting routine, so
you would have allowed arbitrary html....
Comment on attachment 67809 [details] [diff] [review]
patch for gerv's issue

r=ddk
Attachment #67809 - Flags: review+
Comment on attachment 67809 [details] [diff] [review]
patch for gerv's issue

r= justdave

why did this need a 2nd?  ;)
Attachment #67809 - Flags: review+
Checked in
Status: REOPENED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → FIXED
Component: Creating/Changing Bugs → attachment and request management
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.