Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn't fail taint checks.

2rx=bbaetz

diff --git a/CGI.pl b/CGI.pl
index 8e8da58712560934e90d8a9db38bec0af601aade..4eeeaf5d261952f7b539ce8be96f5be73e603bbf 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -276,8 +276,9 @@ sub ValidateBugID {
     $id = trim($id);
     
     # If the ID isn't a number, it might be an alias, so try to convert it.
-    if ($id !~ /^[1-9][0-9]*$/) {
-        $id = BugAliasToID($id);
+    my $alias = $id;
+    if (!detaint_natural($id)) {
+        $id = BugAliasToID($alias);
         if (!$id) {
             my $html_id = html_quote($_[0]);
             my $alias_specific_message = Param("usebugaliases") ?