Bug 251484: Fix taint error on series create when creating a new product

author bugreport%peshkin.net <>

Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)

committer bugreport%peshkin.net <>

Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)
author bugreport%peshkin.net <>
Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)
committer bugreport%peshkin.net <>
Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)
diff --git a/editproducts.cgi b/editproducts.cgi

index f41aaa9e58d64abbebc13024d83842b774124f9d..c539465af0480c8b0edce33a626be539249b0b02 100755 (executable)
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -397,6 +397,11 @@ if ($action eq 'new') {
          # Insert default charting queries for this product.
          # If they aren't using charting, this won't do any harm.
          GetVersionTable();
+
+        # $::FORM{'open_name'} and $product are sqlquoted by the series
+        # code and never used again here, so we can trick_taint them.
+        trick_taint($::FORM{'open_name'});
+        trick_taint($product);
      
          my @series;
author	bugreport%peshkin.net <>
	Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)
committer	bugreport%peshkin.net <>
	Sat, 17 Jul 2004 08:57:14 +0000 (08:57 +0000)