Bug 251484: taint error on series create when creating a new product
Status: Closed (RESOLVED FIXED); opened 21 years ago, closed 21 years ago
Categories: Bugzilla :: Administration, task
Tracking: Bugzilla 2.18
People: Reporter: justdave, Assigned: bugreport
Attachments: 1 file, 2 obsolete files (743 bytes, patch; justdave: review+)
Bugzilla Version 2.18rc1
Adding new product
Software error:
Insecure dependency in parameter 1 of DBI::db=HASH(0x9280a9c)->do method call
while running with -T switch at Bugzilla/Series.pm line 183.
Updated•21 years ago (Reporter)
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
Comment 1•21 years ago (Assignee)
Assignee: justdave → bugreport
Status: NEW → ASSIGNED
Updated•21 years ago (Assignee)
Attachment #153239 -
Flags: review?
Comment 2•21 years ago (Assignee)
Attachment #153239 -
Attachment is obsolete: true
Updated•21 years ago (Assignee)
Attachment #153239 -
Flags: review?
Updated•21 years ago (Assignee)
Attachment #153240 -
Flags: review?
Comment 3•21 years ago
Comment on attachment 153240
detaint at source
Hmm. Weird. Why are we trick_tainting $product so late? Shouldn't it be done
right after we verify the product with TestProduct?
Also, what ensures open_name is really safe? It comes from a form variable,
and apparently, straight from it..
Comment 4•21 years ago (Assignee)
Both of those go straight into strings that get dbh->quoted and written.
product is also coming from a bug form,
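The distinction comments 3 and 4 turn on, as an added example that is not part of the bug thread or Bugzilla's own code: quoting a form value does not clear Perl's taint flag, and a match-everything untaint clears the flag without validating anything. `blind_untaint`, `sql_quote` and `checked_do` are hypothetical stand-ins (for `trick_taint`, `$dbh->quote` and a taint-checking `$dbh->do`), and the table name and sample value are constructed.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for trick_taint, assumed to be a match-everything
# capture: it clears the taint flag and checks nothing about the content.
sub blind_untaint {
    my ($value) = @_;
    return $value =~ /^(.*)$/s ? $1 : undef;
}

# Hypothetical stand-in for $dbh->quote: escapes single quotes, but the
# result is derived from tainted data, so Perl keeps it tainted.
sub sql_quote {
    my ($value) = @_;
    $value =~ s/'/''/g;
    return "'$value'";
}

# Hypothetical stand-in for $dbh->do with taint checking enabled.
sub checked_do {
    my ($sql) = @_;
    die "Insecure dependency in parameter 1 of do (simulated)\n"
        if tainted($sql);
    return "executed: $sql";
}

# Constructed input: borrow taint from values Perl marks tainted under -T,
# so $open_name behaves like a value read from a form.
my $taint     = substr(join('', $0, $^X, values %ENV), 0, 0);
my $open_name = "Widget's open bugs" . $taint;

my $sql = "INSERT INTO demo_series (name) VALUES (" . sql_quote($open_name) . ")";
print "quoted SQL tainted? ", (tainted($sql) ? "yes" : "no"), "\n";
my $result = eval { checked_do($sql) };
print "do() on tainted SQL: ", (defined $result ? $result : "died: $@");

# Clearing the flag changes nothing in the string; SQL safety here rests
# entirely on the quoting step, which is what the justifying comment records.
my $clean = blind_untaint($open_name);
print "after blind untaint, tainted? ", (tainted($clean) ? "yes" : "no"), "\n";
print "content unchanged? ", ($clean eq $open_name ? "yes" : "no"), "\n";
print checked_do("INSERT INTO demo_series (name) VALUES (" . sql_quote($clean) . ")"), "\n";
```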
Comment 5•21 years ago
There's actually a similar problem on normal series create; I've fixed it as
part of my patch for the series group controls.
Gerv
Comment 6•21 years ago
I've also seen the same error when trying to update a product with a new
votestoconfirm. Is that a different bug?
Gerv
(In reply to comment #6)
> I've also seen the same error when trying to update a product with a new
> votestoconfirm. Is that a different bug?
I think that the vote field taint issues were fixed in bug#250265
Comment 8•21 years ago (Reporter)
Comment on attachment 153240
detaint at source
We need a comment here explaining why trick_taint is okay to use here.
Attachment #153240 -
Flags: review? → review-
Comment 9•21 years ago (Assignee)
Attachment #153240 -
Attachment is obsolete: true
Updated•21 years ago (Assignee)
Attachment #153474 -
Flags: review?(justdave)
Comment 10•21 years ago (Reporter)
Comment on attachment 153474
includes comment
looks good. fix your spelling mistake on checkin :)
Attachment #153474 -
Flags: review?(justdave) → review+
Updated•21 years ago (Reporter)
Flags: approval2.18+
Flags: approval+
Comment 11•21 years ago (Assignee)
checked in on both branches
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 12•21 years ago
*** Bug 264083 has been marked as a duplicate of this bug. ***
Comment 13•21 years ago
*** Bug 273341 has been marked as a duplicate of this bug. ***
Updated•13 years ago
QA Contact: matty_is_a_geek → default-qa