Bug 345032 (Closed)
Tainted value in request.cgi when restricting the search to a given flag
Opened 19 years ago, closed 19 years ago
Categories: Bugzilla :: Attachments & Requests, defect
Tracking: RESOLVED FIXED, Bugzilla 3.0
People: Reporter: LpSolit, Assigned: LpSolit
Details: Keywords: regression
Attachments (1 file): patch, 1.29 KB; myk: review+

This is a regression due to bug 300549 and so only affects 2.24:
Insecure dependency in parameter 1 of DBI::db=HASH(0x89e9ae0)->selectrow_array method call while running with -T switch at Bugzilla/FlagType.pm line 356.
This only affects request.cgi as all other calls to Bugzilla::FlagType::{match|count} pass detainted values.
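
The failure reported above and the validate-then-untaint pattern, as an added example that is not the attached patch or Bugzilla code. It assumes DBI and DBD::SQLite are installed and is run as `perl -T`; the `flagtypes` table and the `untaint_flag_id` helper are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed input standing in for a CGI parameter: literals are made tainted
# by appending a zero-length slice of $^X, which is tainted under -T.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint } ('7', '7abc');

# Hypothetical table in an in-memory SQLite database (not Bugzilla's schema).
# TaintIn makes DBI refuse tainted arguments to its method calls.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE flagtypes (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->do(q{INSERT INTO flagtypes (id, name) VALUES (7, 'review')});

# Hypothetical helper: accept only a short decimal id; the regex capture is
# what removes the taint, so the pattern must be anchored and strict.
sub untaint_flag_id {
    my ($value) = @_;
    return $value =~ /\A([0-9]{1,9})\z/ ? $1 : undef;
}

for my $raw (@samples) {
    print "input '$raw' tainted: ", (tainted($raw) ? 'yes' : 'no'), "\n";

    # Interpolating the raw value taints the whole statement, so DBI dies
    # before the SQL reaches the database.
    my $sql = "SELECT COUNT(*) FROM flagtypes WHERE id = $raw";
    my $ran = eval { $dbh->selectrow_array($sql); 1 };
    print '  interpolated: ', ($ran ? "ran\n" : "refused: $@");

    # Validate first, then pass the untainted value through a placeholder.
    my $id = untaint_flag_id($raw);
    if (!defined $id) {
        print "  validation: rejected, no query issued\n";
        next;
    }
    my ($name) = $dbh->selectrow_array(
        'SELECT name FROM flagtypes WHERE id = ?', undef, $id);
    print "  validated id $id -> ", (defined $name ? $name : '(no row)'), "\n";
}
```
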
Comment 1 • 19 years ago (Assignee)
Attachment #229649 - Flags: review?(myk)

Comment 2 • 19 years ago
Comment on attachment 229649
patch, v1
Good fix, although it'd be nice if it was accompanied by a comment explaining why we're tricking taint here.
Attachment #229649 - Flags: review?(myk) → review+

Updated • 19 years ago
Flags: approval+

Comment 3 • 19 years ago (Assignee)
Checking in Bugzilla/FlagType.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/FlagType.pm,v <-- FlagType.pm
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED