Tainted value in request.cgi when restricting the search to a given flag

RESOLVED FIXED in Bugzilla 3.0

Product: Bugzilla
Component: Attachments & Requests
Priority: --
Severity: major
Status: RESOLVED FIXED
Reported: 12 years ago
Modified: 12 years ago
Reporter: Frédéric Buclin
Assignee: Frédéric Buclin
Keywords: regression
Version: 2.23
Target Milestone: Bugzilla 3.0
Bug Flags: approval+
Attachments: 1

Description (Assignee, 12 years ago)
This is a regression due to bug 300549 and so only affects 2.24:

Insecure dependency in parameter 1 of DBI::db=HASH(0x89e9ae0)->selectrow_array method call while running with -T switch at Bugzilla/FlagType.pm line 356.

This only affects request.cgi as all other calls to Bugzilla::FlagType::{match|count} pass detainted values.
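The error quoted above is Perl's taint mode (-T) refusing to hand an unvalidated, user-supplied value to a taint-aware consumer. The script below is an added illustration, not code from this bug or from Bugzilla: it reads a flag name from the command line (tainted under -T, just as a CGI parameter is), shows a stand-in for a taint-checking database method rejecting it, and then detaints it by validating it against a whitelist pattern before the query. The sub names selectrow_array_stub and detaint_flag_name, the query text and the returned count are all constructed for this example.

```perl
#!/usr/bin/perl -T
# Added example (not part of the bug report or of Bugzilla's own code).
# Run as:  perl -T taint_demo.pl approval
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Stand-in for a taint-checking database method (hypothetical; mimics the
# "Insecure dependency in parameter N" message a taint-aware DB layer emits).
sub selectrow_array_stub {
    my ($sql, @bind) = @_;
    for my $i (0 .. $#bind) {
        die sprintf("Insecure dependency in parameter %d of selectrow_array\n", $i + 1)
            if tainted($bind[$i]);
    }
    return (42);   # constructed result: pretend one matching flag type exists
}

# Whitelist-based detainting: only a value made of known-safe characters
# passes, and only the captured group ($1) comes out untainted.
sub detaint_flag_name {
    my ($value) = @_;
    return unless defined $value;
    return $1 if $value =~ /^([A-Za-z0-9_.+-]+)$/;
    return;   # anything outside the whitelist is rejected, not "cleaned"
}

# Under -T, command-line arguments (like CGI parameters) are tainted.
my $flag = $ARGV[0];
die "usage: perl -T $0 <flag-name>\n" unless defined $flag;
printf "input '%s' tainted: %d\n", $flag, tainted($flag) ? 1 : 0;

# First attempt: pass the raw value through; the DB layer refuses it.
my @row = eval {
    selectrow_array_stub('SELECT COUNT(*) FROM flagtypes WHERE name = ?', $flag)
};
print "raw value rejected: $@" if $@;

# Second attempt: validate first, then query with the detainted copy.
my $clean = detaint_flag_name($flag);
if (defined $clean) {
    printf "detainted '%s' tainted: %d\n", $clean, tainted($clean) ? 1 : 0;
    @row = selectrow_array_stub('SELECT COUNT(*) FROM flagtypes WHERE name = ?', $clean);
    print "query result: $row[0]\n";
}
else {
    print "flag name rejected by whitelist; not sent to the database\n";
}
```

The point of detainting through a capture group rather than a blanket untaint is that the regex doubles as the validation: a value that does not match the expected shape never reaches the database, which is what makes bypassing the taint check defensible rather than merely convenient.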
Comment 1 (Assignee, 12 years ago)
Created attachment 229649
patch, v1
Attachment #229649 - Flags: review?(myk)

Comment on attachment 229649
patch, v1

Good fix, although it'd be nice if it was accompanied by a comment explaining why we're tricking taint here.
Attachment #229649 - Flags: review?(myk) → review+
Flags: approval+
Comment 3 (Assignee, 12 years ago)
Checking in Bugzilla/FlagType.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/FlagType.pm,v  <--  FlagType.pm
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED