investigate detaint tactics for $::FORM{isactive} in editgroups.cgi

RESOLVED DUPLICATE of bug 208847

Status

()

--
minor
RESOLVED DUPLICATE of bug 208847
15 years ago
6 years ago

People

(Reporter: jpyeron, Assigned: justdave)

Tracking

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: 

from bug 208847 comment 8:

Also, I believe that the correct change is....

my $isactive = $::FORM{isactive} || 0;

Since it is defined as "tinyint not null default 1"




Reproducible: Always

Steps to Reproduce:
(Reporter)

Updated

15 years ago
Depends on: 208847
that doesn't detaint it if it is set though.

better would be:

$isactive = $::FORM{isactive} ? 1 : 0;

which replaces it with an explicit (untainted) 1 if it's present and has a true
value.
There's no point in having this as a separate bug.

*** This bug has been marked as a duplicate of 208847 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
No longer depends on: 208847
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.