From: lpsolit%gmail.com <>
Date: Tue, 21 Feb 2006 07:35:10 +0000 (+0000)
Subject: [SECURITY] editparams.cgi doesn't check whether 'whinedays' and 'mostfreqthreshold... 
X-Git-Tag: bugzilla-2.20.1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14be5c7bace5ecbe2188696d529c57303bffee61;p=thirdparty%2Fbugzilla.git

[SECURITY] editparams.cgi doesn't check whether 'whinedays' and 'mostfreqthreshold' are numeric - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
---

diff --git a/defparams.pl b/defparams.pl
index f8e2c17e72..4bd109b8e7 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -662,7 +662,8 @@ sub check_mail_delivery_method {
            'If you have a large database and this page takes a long time to ' .
            'load, try increasing this number.',
    type => 't',
-   default => '2'
+   default => '2',
+   checker => \&check_numeric
   },
 
   {
@@ -790,7 +791,8 @@ Configure bugmail: %urlbase%userprefs.cgi?tab=email
              state before our cronjob will whine at the owner.<br>
              Set to 0 to disable whining.},
    type => 't',
-   default => 7
+   default => 7,
+   checker => \&check_numeric
   },
 
   {