Bug 314919: [PostgreSQL] "Find a Specific Bug" using Pg fails - Patch by Frédéric...

diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 263f545af44c3d7ebb7163cb951fb09cc3a25dcc..f031637d5547328a8bdb19e378b6564595fcb8ba 100644 (file)
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -272,6 +272,9 @@ sub sql_fulltext_search {
     # in LIKE search clauses
     @words = map($self->quote("%$_%"), @words);
 
+    # untaint words, since they are safe to use now that we've quoted them
+    map(trick_taint($_), @words);
+
     # turn the words into a set of LIKE search clauses
     @words = map("LOWER($column) LIKE $_", @words);