Closed Bug 224021 Opened 21 years ago Closed 21 years ago

taint issues in editusers

Categories

(Bugzilla :: Administration, task)

task
Not set
normal

Tracking

()

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: altlist, Assigned: glob)

Details

Attachments

(1 file, 1 obsolete file)

User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7

Similar to bug #208847, there appear to be some taint issues with editusers.cgi.

Reproducible: Always

Steps to Reproduce:
Attached patch taint fixes (obsolete)
Blocks: 141006
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #134375 - Flags: review?
Comment on attachment 134375 (taint fixes)
Rather than SqlQuote, validate the input using detaint_natural. See bug 208847 comment 21 and forwards.
Attachment #134375 - Flags: review? → review-
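The validate-instead-of-quote approach the review comment above asks for, as an added Perl sketch that is not part of this bug thread or of Bugzilla's code. The helper name detaint_natural_sketch and the sample inputs are assumptions made for illustration; the point shown is that a digits-only check rejects non-numeric input outright and clears the taint flag only for values it accepts.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T detaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for a detaint_natural-style check: the argument is
# accepted only if it consists entirely of decimal digits. On success it is
# replaced in place by the captured (and therefore untainted) integer; on
# failure it is set to undef so it cannot reach a query by accident.
sub detaint_natural_sketch {
    my $match = $_[0] =~ /^(\d+)$/;
    $_[0] = $match ? int($1) : undef;
    return defined $_[0];
}

# Zero-length tainted string; appending it marks the constructed samples as
# tainted, the way CGI parameters are under -T.
my $TAINT = substr($^X, 0, 0);

# Constructed sample inputs standing in for a numeric form field.
my @samples = ('42', '007', '42 OR 1=1', '-1', '4.2', '');

for my $raw (@samples) {
    my $value       = $raw . $TAINT;
    my $was_tainted = tainted($value) ? 'yes' : 'no';
    if (detaint_natural_sketch($value)) {
        my $still = tainted($value) ? 'yes' : 'no';
        printf "%-12s tainted=%s -> accepted as %d (tainted=%s)\n",
            "'$raw'", $was_tainted, $value, $still;
    }
    else {
        printf "%-12s tainted=%s -> rejected, value is now undef\n",
            "'$raw'", $was_tainted;
    }
}
```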
Assignee: justdave → bugzilla
Status: NEW → ASSIGNED
Attached patch detaint
Attachment #134375 - Attachment is obsolete: true
Comment on attachment 149037 (detaint)
I can't find anything wrong with it; it seems to be fine. r=jouni
Attachment #149037 - Flags: review+
Flags: approval?
Target Milestone: --- → Bugzilla 2.18
No longer blocks: 141006
This will need a new patch because of a conflict with bug 141006, but that's a simple enough fix, I'll a= in advance.
Flags: approval? → approval+
OS: SunOS → All
Hardware: Sun → All
Skipped the first hunk touching shebang line (which was already changed in bug 141006).

Checking in editusers.cgi;
/cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v <-- editusers.cgi
new revision: 1.57; previous revision: 1.56
done
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa