From: lpsolit%gmail.com <>
Date: Tue, 21 Feb 2006 07:54:49 +0000 (+0000)
Subject: [SECURITY] Bug 312498: editparams.cgi doesn't check whether 'whinedays' and 'mostfreq... 
X-Git-Tag: bugzilla-2.16.11~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=166836ce79f710dd1f2b654fa6284053ed6fd5b5;p=thirdparty%2Fbugzilla.git

[SECURITY] Bug 312498: editparams.cgi doesn't check whether 'whinedays' and 'mostfreqthreshold' are numeric - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
---

diff --git a/defparams.pl b/defparams.pl
index 6ccde137ed..a66c44c83b 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -213,7 +213,8 @@ DefParam("LDAPmailattribute",
 DefParam("mostfreqthreshold",
          "The minimum number of duplicates a bug needs to show up on the <A HREF=\"duplicates.cgi\">most frequently reported bugs page</a>. If you have a large database and this page takes a long time to load, try increasing this number.",
          "t",
-         "2");
+         "2",
+         \&check_numeric);
 
 
 DefParam("mybugstemplate",
@@ -604,7 +605,8 @@ DefParam("maxpatchsize",
           To accept patches of any size (subject to the limitations of 
           your server software), set this value to zero." ,
          "t",
-         '1000');
+         '1000',
+         \&check_numeric);
 
 DefParam("maxattachmentsize" , 
          "The maximum size (in kilobytes) of non-patch attachments.  Bugzilla 
@@ -612,6 +614,7 @@ DefParam("maxattachmentsize" ,
           in size.  To accept attachments of any size (subject to the
           limitations of your server software), set this value to zero." , 
          "t" , 
-         '1000');
+         '1000',
+         \&check_numeric);
 
 1;