Bug 283562: Insecure dependency in parameter 3 of DBI::db (login_to_id forgets a trick_taint)
Status: Closed, RESOLVED FIXED
Opened 20 years ago
Closed 20 years ago
Categories: Bugzilla :: User Accounts, defect, P1
Target Milestone: Bugzilla 2.20
People: Reporter: dev.anand, Assigned: mkanat
Keywords: regression
Attachments (1 file): patch, 845 bytes (Wurblzap: review+, bugreport: review+)

Description
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Software error:
Insecure dependency in parameter 3 of DBI::db=HASH(0x8f3c9f8)->selectrow_array
method call while running with -T switch at Bugzilla/User.pm line 1016.
in 2.19.2 development release
Reproducible: Always
Steps to Reproduce:
1. Home Page
2. New Account
3. Fill email and name and create account
Actual Results:
Software error:
Insecure dependency in parameter 3 of DBI::db=HASH(0x8f3c9f8)->selectrow_array
method call while running with -T switch at Bugzilla/User.pm line 1016.
Expected Results:
Should have created the user and sent email with password
Comment 1 (Assignee) • 20 years ago
Is this in the actually released 2.19.2, or in the cvs tip? I'm assuming it's in
2.19.2. I'll investigate.
Severity: major → critical
OS: Linux → All
Hardware: PC → All
I am using the CVS tip
Severity: critical → major
OS: All → Linux
Hardware: All → PC
Comment 3 (Assignee) • 20 years ago
Ahh, looks like I just introduced that today. :-)
my $user_id = $dbh->selectrow_array(
"SELECT userid FROM profiles WHERE login_name = ?", undef, $login);
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated (Assignee) • 20 years ago
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.20
Updated (Assignee) • 20 years ago
Assignee: user-accounts → mkanat
Updated (Assignee) • 20 years ago
Severity: major → critical
Status: NEW → ASSIGNED
Summary: Insecure dependency in parameter 3 of DBI::db → Insecure dependency in parameter 3 of DBI::db (login_to_id forgets a trick_taint)
Updated (Assignee) • 20 years ago
Keywords: regression
Comment 4 (Assignee) • 20 years ago
This also includes a fix for bug 283334, because it was easy to do while I was
doing this.
Attachment #175528 - Flags: review?(wurblzap)
Comment 5 • 20 years ago
Comment on attachment 175528
Add a trick_taint and remove the silly detaint_natural
r=wurblzap by inspection.
Nit: could've made that return selectrow_array || 0, enhancing readability
imho.
Attachment #175528 - Flags: review?(wurblzap) → review+
Updated • 20 years ago
Flags: approval?
Comment 6 • 20 years ago
*** Bug 283781 has been marked as a duplicate of this bug. ***
Comment 8 • 20 years ago
Comment on attachment 175528
Add a trick_taint and remove the silly detaint_natural
2xr=joel
This needs to go in right away
Attachment #175528 - Flags: review+
Updated • 20 years ago
Flags: blocking2.16.9?
Updated • 20 years ago
Flags: approval? → approval+
Comment 9 (Assignee) • 20 years ago
Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.40; previous revision: 1.39
done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
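
The failure and fix discussed in this bug, as an added Perl example that is not Bugzilla's code or the attached patch: under -T, a DBI handle with TaintIn rejects a tainted bind value, and a catch-all regex capture clears the taint flag. It assumes DBI and DBD::SQLite are installed; the in-memory table, the sample login and this simplified trick_taint are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration. Run as: perl -T taint_demo.pl
# Assumption: DBI and DBD::SQLite are installed; all data below is constructed.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Simplified stand-in for a trick_taint helper: the regex capture $1 is
# untainted, so assigning it back clears the flag WITHOUT validating the data.
sub trick_taint {
    my $ok = $_[0] =~ /^(.*)$/s;
    $_[0] = $ok ? $1 : undef;
    return defined $_[0];
}

# TaintIn makes DBI refuse tainted arguments to its method calls under -T.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE profiles (userid INTEGER PRIMARY KEY, login_name TEXT)');
$dbh->do(q{INSERT INTO profiles (login_name) VALUES ('user@example.com')});

# Same statement shape as the one quoted in comment 3; the bind value is
# argument 3 of selectrow_array (statement, attributes, bind values...).
sub login_to_id {
    my ($login) = @_;
    return $dbh->selectrow_array(
        'SELECT userid FROM profiles WHERE login_name = ?', undef, $login) || 0;
}

# Constructed input: appending a zero-length slice of the tainted $^X taints
# the string, standing in for a form field from a CGI request.
my $login = 'user@example.com' . substr($^X, 0, 0);
print 'tainted before: ', (tainted($login) ? 'yes' : 'no'), "\n";

# Without untainting, DBI dies with its "Insecure dependency" error.
my $id = eval { login_to_id($login) };
print "lookup without trick_taint failed: $@" if $@;

trick_taint($login);
print 'tainted after: ', (tainted($login) ? 'yes' : 'no'), "\n";
print 'userid: ', login_to_id($login), "\n";
```

A catch-all untaint like this validates nothing; it is acceptable here only because the value reaches SQL through a ? placeholder and is never interpolated into the statement text.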