Closed Bug 224021 Opened 21 years ago Closed 20 years ago

taint issues in editusers

Categories

(Bugzilla :: Administration, task)

task
Not set
normal

Tracking

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: altlist, Assigned: glob)

Details

Attachments

(1 file, 1 obsolete file)

User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.5) Gecko/20031021 Firebird/0.7

Similar to bug #208847, there appear to be some taint issues with editusers.cgi.

Reproducible: Always

Steps to Reproduce:
Attached patch taint fixes (obsolete) — Splinter Review
Blocks: 141006
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #134375 - Flags: review?
Comment on attachment 134375 [details] [diff] [review]
taint fixes

Rather than SqlQuote, validate the input using detaint_natural. See bug 208847
comment 21 and forwards.
Attachment #134375 - Flags: review? → review-
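
The review advice above (validate the input rather than only quoting it), as an added example that is not part of this bug or of Bugzilla's code. `detaint_natural_standin` and `quote_only_standin` are hypothetical stand-ins written for this illustration, the sample values are constructed, and the script is meant to be run as `perl -T example.pl`.

```perl
#!/usr/bin/perl
# Added illustration, not Bugzilla code. Run under taint mode: perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for a validate-and-untaint helper: accept only a
# string of digits, overwrite the caller's variable with the captured
# (untainted) copy, and report whether validation passed.
sub detaint_natural_standin {
    my ($clean) = $_[0] =~ /^(\d+)$/;
    $_[0] = $clean;                 # undef when the input was not a natural number
    return defined $clean;
}

# Hypothetical stand-in for quote-only handling: escapes backslash and
# single quote, but accepts any string and leaves the taint flag alone.
sub quote_only_standin {
    my ($str) = @_;
    $str =~ s/([\\'])/\\$1/g;
    return "'$str'";
}

# Zero-length tainted string (tainted only under -T). Appending it to a
# literal makes the constructed samples behave like CGI parameters.
my $TAINT = substr($^X, 0, 0);

# Constructed sample values for a hypothetical numeric form field.
for my $raw ('42', '42abc', "4'2", '-7', '') {
    my $param  = $raw . $TAINT;
    my $quoted = quote_only_standin($param);        # any input is accepted
    my $valid  = detaint_natural_standin($param);   # only digits are accepted

    printf "%-8s quoted=%-9s quoted_tainted=%d valid=%d param_tainted=%d\n",
        "[$raw]", $quoted,
        tainted($quoted) ? 1 : 0,
        $valid           ? 1 : 0,
        tainted($param)  ? 1 : 0;
}
```

Under `-T`, every quoted value stays tainted and every input is accepted, while the validating helper accepts only `42`, returns it untainted, and leaves the other parameters undefined.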
Assignee: justdave → bugzilla
Status: NEW → ASSIGNED
Attached patch detaint — Splinter Review
Attachment #134375 - Attachment is obsolete: true
Comment on attachment 149037 [details] [diff] [review]
detaint

I can't find anything wrong with it; it seems to be fine. r=jouni
Attachment #149037 - Flags: review+
Flags: approval?
Target Milestone: --- → Bugzilla 2.18
No longer blocks: 141006
This will need a new patch because of a conflict with bug 141006, but that's a
simple enough fix, I'll a= in advance.
Flags: approval? → approval+
OS: SunOS → All
Hardware: Sun → All
Skipped the first hunk touching shebang line (which was already changed in bug
141006).

Checking in editusers.cgi;
/cvsroot/mozilla/webtools/bugzilla/editusers.cgi,v  <--  editusers.cgi
new revision: 1.57; previous revision: 1.56
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa