Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field:...

author Frédéric Buclin <LpSolit@gmail.com>

Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm

index 16217bb638c5b56e10d6f3fd70af8525c0217f3e..711a45f4439119cd2340fb422be9f06364295e8c 100644 (file)
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants;
  use Bugzilla::WebService::Util qw(filter validate);
  use Bugzilla::Bug;
  use Bugzilla::BugMail;
-use Bugzilla::Util qw(trim);
+use Bugzilla::Util qw(trick_taint trim);
  use Bugzilla::Version;
  use Bugzilla::Milestone;
  use Bugzilla::Status;
@@ -427,6 +427,8 @@ sub legal_values {
  
      my $values;
      if (grep($_->name eq $field, @global_selects)) {
+        # The field is a valid one.
+        trick_taint($field);
          $values = get_legal_field_values($field);
      }
      elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {
author	Frédéric Buclin <LpSolit@gmail.com>
	Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Sat, 6 Feb 2010 17:43:40 +0000 (18:43 +0100)