bug 134562 - taint error in buglist.cgi

author bbaetz%student.usyd.edu.au <>

Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)

committer bbaetz%student.usyd.edu.au <>

Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)
author bbaetz%student.usyd.edu.au <>
Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)
committer bbaetz%student.usyd.edu.au <>
Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)
diff --git a/buglist.cgi b/buglist.cgi

index 2895ddd81c90f3b255ce8baedb3431ae09d9a272..53685e96d9caac33ed5d372cd76364d1bcc17d75 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1226,8 +1226,12 @@ else {
  # Add the votes column to the list of columns to be displayed
  # in the bug list if the user is searching for bugs with a certain
  # number of votes and the votes column is not already on the list.
-push(@displaycolumns, 'votes') 
-  if $::FORM{'votes'} && !grep($_ eq 'votes', @displaycolumns);
+
+# Some versions of perl will taint 'votes' if this is done as a single
+# statement, because $::FORM{'votes'} is tainted at this point
+if (trim($::FORM{'votes'}) && !grep($_ eq 'votes', @displaycolumns)) {
+    push(@displaycolumns, 'votes');
+}
  
  
  ################################################################################
author	bbaetz%student.usyd.edu.au <>
	Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)
committer	bbaetz%student.usyd.edu.au <>
	Fri, 5 Apr 2002 15:48:27 +0000 (15:48 +0000)