Closed Bug 122418 Opened 23 years ago Closed 23 years ago

setting attachment status fails

Categories

(Bugzilla :: Attachments & Requests, defect, P1)

Product:
Bugzilla
Component:
Attachments & Requests
Version:
2.15
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.16

People

(Reporter: timeless, Assigned: bbaetz)

References

Details

Attachments

(2 files)

patch
576 bytes, patch
gerv
: review+
kiko
: review+
Details | Diff | Splinter Review
patch for gerv's issue
695 bytes, patch
ddkilzer
: review+
justdave
: review+
Details | Diff | Splinter Review 
Software error:
Attempted to send tainted string 'INSERT INTO attachstatuses (attach_id, statusid) VALUES (49, 1)' to the database at globals.pl line 216.

For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error.
-

cvs tip, w/ and w/o the patch to remove the old attachment system.
-
Administer Attachment Statuses
 
Name Description Sort Key Product Action(s)
needstesting needs testing 5 test Edit Delete
Create
I can't reproduce this on my tip install, but maybe I'm not doing something
taint-related correctly.  bbaetz?
OK, got it. We check that the statuses are valid, but don't ever officially
detaint them. Patch coming, and taking
Assignee: myk → bbaetz
Severity: major → blocker
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
Attached patch patchSplinter Review 

    
    

    
  
Comment on attachment 66978 [details] [diff] [review]
patch

r=gerv. I haven't reproduced the error, but the added code is, at worst,
harmless, and if bbaetz says it fixes the problem...

Gerv

        Attachment #66978 -
        Flags: review+
Keywords: review

    
    

    
  
Comment on attachment 66978 [details] [diff] [review]
patch

damn. this bit me this morning. r=kiko

        Attachment #66978 -
        Flags: review+

    
    

    
  
*** Bug 123404 has been marked as a duplicate of this bug. ***

    
    

    
  
Checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
I just hit a similar problem, the patch for which I rolled in over in bug
110012. Is it related?

--- attachment.cgi	20 Jan 2002 01:44:35 -0000	1.8
+++ attachment.cgi	4 Feb 2002 22:33:59 -0000
@@ -316,7 +316,8 @@
       || DisplayError("The attachment number of one of the attachments 
            you wanted to obsolete is invalid.") 
         && exit;
-  
+    trick_taint($attachid);
+    
     SendSQL("SELECT bug_id, isobsolete, description 
              FROM attachments WHERE attach_id = $attachid");
 

Gerv

    
    

    
  
Yeah, but theres a slightly cleaner patch coming up.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  


  
Well, its actually a separate problem, but since when has that stopped us?

    
    

    
  
Oh, and your patch was wrong, because that was the string detainting routine, so
you would have allowed arbitrary html....

    
    

    
  
Comment on attachment 67809 [details] [diff] [review]
patch for gerv's issue

r=ddk

        Attachment #67809 -
        Flags: review+

    
    

    
  
Comment on attachment 67809 [details] [diff] [review]
patch for gerv's issue

r= justdave

why did this need a 2nd?  ;)

        Attachment #67809 -
        Flags: review+

    
    

    
  
Checked in
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED

    
  
Component: Creating/Changing Bugs → attachment and request management
QA Contact: matty_is_a_geek → default-qa

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: