Closed
Bug 283334
Opened 20 years ago
Closed 20 years ago
Unnecessary untainting of the user ID in login_to_id
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: Wurblzap, Assigned: mkanat)
References
Details
(Whiteboard: [blocker will fix])
We don't use the DBI TaintOut attribute for our db connects, so data read from the db is not tainted. We can remove the untainting code from DBname_to_id in globals.pl.
|
Reporter | |
Comment 1•20 years ago
|
||
With bug 283237 landing, the function moved to Bugzilla/User.pm and is now being called login_to_id.
Summary: Unnecessary untainting of the user ID in DBname_to_id → Unnecessary untainting of the user ID in login_to_id
|
Assignee | |
Comment 2•20 years ago
|
||
I'm just going to roll the fix for this into the critical regression fix in bug 283562, because I'm touching that code anyway.
Depends on: 283562
|
|
Reporter | |
Updated•20 years ago
|
Whiteboard: [blocker will fix]
|
|
Assignee | |
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Updated•20 years ago
|
Assignee: general → mkanat
Target Milestone: --- → Bugzilla 2.20
|
|
Assignee | |
Comment 3•20 years ago
|
||
Fixed by blocker.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•