Closed Bug 345032 Opened 18 years ago Closed 18 years ago

Tainted value in request.cgi when restricting the search to a given flag

Categories

(Bugzilla :: Attachments & Requests, defect)

2.23
defect
Not set
major

Tracking

RESOLVED FIXED
Bugzilla 3.0

People

(Reporter: LpSolit, Assigned: LpSolit)

Details

(Keywords: regression)

Attachments

(1 file)

This is a regression due to bug 300549 and so only affects 2.24:

Insecure dependency in parameter 1 of DBI::db=HASH(0x89e9ae0)->selectrow_array method call while running with -T switch at Bugzilla/FlagType.pm line 356.

This only affects request.cgi as all other calls to Bugzilla::FlagType::{match|count} pass detainted values.
Attached patch: patch, v1
Attachment #229649 - Flags: review?(myk)
Comment on attachment 229649: patch, v1

Good fix, although it'd be nice if it was accompanied by a comment explaining why we're tricking taint here.
Attachment #229649 - Flags: review?(myk) → review+
Flags: approval+
Checking in Bugzilla/FlagType.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/FlagType.pm,v  <--  FlagType.pm
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
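
The error in the description comes from Perl taint mode (`-T`) flagging a tainted value in a DBI call, and the review comment asks for a note on why taint is being tricked. As an added illustration (not part of this bug thread or the attached patch, and not Bugzilla's code), the Perl script below contrasts a validating detaint with a blind one. The helper names, the flag-name pattern and the sample inputs are assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Added illustration; not Bugzilla code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed-input helper: appending a zero-length slice of "$0$^X"
# (tainted under -T) taints the copy, standing in for a CGI parameter.
sub as_tainted {
    my ($value) = @_;
    return $value . substr("$0$^X", 0, 0);
}

# Validating detaint: only text captured by an anchored allow-list pattern
# is returned. The pattern is an assumed rule for flag names.
sub detaint_flag_name {
    my ($value) = @_;
    return unless $value =~ /\A([A-Za-z0-9_.+-]{1,50})\z/;
    my $clean = $1;    # captures are untainted (no "use re 'taint'")
    return $clean;
}

# Blind detaint: the capture clears the taint flag but accepts any content,
# so the result is still unsafe to interpolate into SQL text. It is only
# appropriate when the value is bound as a placeholder or quoted later.
sub blind_detaint {
    my ($value) = @_;
    return unless $value =~ /\A(.*)\z/s;
    my $clean = $1;
    return $clean;
}

for my $raw ('review', q{review' extra}) {    # constructed sample values
    my $input     = as_tainted($raw);
    my $validated = detaint_flag_name($input);
    my $blind     = blind_detaint($input);

    printf "input=%-16s tainted=%d\n", "[$raw]", tainted($input) ? 1 : 0;
    printf "  validated: %s\n",
        defined $validated
        ? 'accepted, tainted=' . (tainted($validated) ? 1 : 0)
        : 'rejected';
    printf "  blind:     accepted [%s], tainted=%d\n",
        $blind, tainted($blind) ? 1 : 0;
}
```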