Bug 160710 - Taint checking causes problem with rename function

r=joel, preed

diff --git a/template/en/default/account/prefs/prefs.html.tmpl b/template/en/default/account/prefs/prefs.html.tmpl
index 2a232f875abc9ae23347bc1161a9501251b30d1a..4e5357a4a801aaddd0f0924b9a8f6b29bdc3a383 100644 (file)
--- a/template/en/default/account/prefs/prefs.html.tmpl
+++ b/template/en/default/account/prefs/prefs.html.tmpl
@@ -100,7 +100,16 @@
 <form method="post">
   <input type="hidden" name="tab" value="[% current_tab.name %]">
 
-  [% PROCESS "account/prefs/${current_tab.name}.html.tmpl" IF current_tab.name.defined %]
+  [%# See bug 160710 for why this is done this way %]
+  [% IF current_tab.name == "account" %]
+    [% PROCESS "account/prefs/account.html.tmpl" %]
+  [% ELSIF current_tab.name == "email" %]
+    [% PROCESS "account/prefs/email.html.tmpl" %]
+  [% ELSIF current_tab.name == "footer" %]
+    [% PROCESS "account/prefs/footer.html.tmpl" %]
+  [% ELSIF current_tab.name == "permissions" %]
+    [% PROCESS "account/prefs/permissions.html.tmpl" %]
+  [% END %]
 
   [% IF current_tab.saveable %]
     <input type="hidden" name="dosave" value="1">

diff --git a/userprefs.cgi b/userprefs.cgi
index dff2f117215c676e8022621d9255c751f618d3d5..3a6a58463bdad0a8295d12eff707a5b0fa44dc6b 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -371,6 +371,9 @@ $vars->{'changes_saved'} = $::FORM{'dosave'};
 
 my $current_tab_name = $::FORM{'tab'} || "account";
 
+# The SWITCH below makes sure that this is valid
+trick_taint($current_tab_name);
+
 $vars->{'current_tab_name'} = $current_tab_name;
 
 # Do any saving, and then display the current tab.
@@ -394,6 +397,8 @@ SWITCH: for ($current_tab_name) {
         DoPermissions();
         last SWITCH;
     };
+    ThrowUserError("Unknown tab <code>" . html_quote($current_tab_name)
+                   . "</code>");
 }
 
 # Generate and return the UI (HTML page) from the appropriate template.