Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron...

author jocuri%softhome.net <>

Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)

committer jocuri%softhome.net <>

Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)
author jocuri%softhome.net <>
Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)
committer jocuri%softhome.net <>
Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)
diff --git a/editmilestones.cgi b/editmilestones.cgi

index 5100577eedd1b11719aa40ff3c49236bda2f3e88..e9ec0ed920017c6db6b4630d824699ef616189d4 100755 (executable)
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
                           products WRITE");
  
      if ($sortkey != $sortkeyold) {
+        if (!detaint_natural($sortkey)) {
+            print "The sortkey for a milestone must be a number. Please press\n";
+            print "<b>Back</b> and try again.\n";
+            PutTrailer($localtrailer);
+            exit;
+        }
          SendSQL("UPDATE milestones SET sortkey=$sortkey
                   WHERE product_id=" . $product_id . "
                     AND value=" . SqlQuote($milestoneold));
author	jocuri%softhome.net <>
	Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)
committer	jocuri%softhome.net <>
	Wed, 16 Jun 2004 20:45:37 +0000 (20:45 +0000)