Bug 288483: Internal error on creating attachment. (Tainted)

Patch By Jan Ruzicka <jan.ruzicka@comtechmobile.com> r=gavin, r=justdave, a=justdave

diff --git a/attachment.cgi b/attachment.cgi
index 9847dc2898d04edff1a99754bb6ff01f8899a53e..0450f3fd6268dc1ed76463228a51782d656cf7f5 100755 (executable)
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -951,11 +951,15 @@ sub insert
                            # for Perl 5.6.0.  If we ever require Perl 5.6.1 or
                            # newer, or detaint something other than $::FORM{'bugid'}
                            # in ValidateBugID above, then this can go away.
+  my $contenttypemethod = $::FORM{'contenttypemethod'};
+  trick_taint($contenttypemethod); # Same Perl 5.6.0 hack as above
+  $contenttype = $::FORM{'contenttype'};
+  trick_taint($contenttype); # Same Perl 5.6.0 hack as above
   $vars->{'bugid'} = $bugid;
   $vars->{'attachid'} = $attachid;
   $vars->{'description'} = $description;
-  $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};
-  $vars->{'contenttype'} = $::FORM{'contenttype'};
+  $vars->{'contenttypemethod'} = $contenttypemethod;
+  $vars->{'contenttype'} = $contenttype;
 
   print Bugzilla->cgi->header();