Closed
Bug 224021
Opened 21 years ago
Closed 20 years ago
taint issues in editusers
Categories
(Bugzilla :: Administration, task)
Bugzilla
Administration
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: altlist, Assigned: glob)
Details
Attachments
(1 file, 1 obsolete file)
795 bytes,
patch
|
jouni
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7 Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7 Similar to bug #208847, there appears to be some taint issues with editusers.cgi Reproducible: Always Steps to Reproduce:
Reporter | ||
Comment 1•21 years ago
|
||
Attachment #134375 -
Flags: review?
Comment 2•20 years ago
|
||
Comment on attachment 134375 [details] [diff] [review] taint fixes Rather than SqlQuote, validate the input using detaint_natural. See bug 208847 comment 21 and forwards.
Attachment #134375 -
Flags: review? → review-
Attachment #134375 -
Attachment is obsolete: true
Comment 4•20 years ago
|
||
Comment on attachment 149037 [details] [diff] [review] detaint I can't find anything wrong with it; it seems to be fine. r=jouni
Attachment #149037 -
Flags: review+
Updated•20 years ago
|
Flags: approval?
Target Milestone: --- → Bugzilla 2.18
Comment 5•20 years ago
|
||
This will need a new patch because of a conflict with bug 141006, but that's a simple enough fix, I'll a= in advance.
Flags: approval? → approval+
OS: SunOS → All
Hardware: Sun → All
Comment 6•20 years ago
|
||
Skipped the first hunk touching shebang line (which was already changed in bug 141006). Checking in editusers.cgi; /cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v <-- editusers.cgi new revision: 1.57; previous revision: 1.56 done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•