From: myk%mozilla.org <>
Date: Sun, 7 Jul 2002 01:27:18 +0000 (+0000)
Subject: Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn't fail taint checks.
X-Git-Tag: bugzilla-2.17.1~278
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38fac1759c2ebcd108d5fa2dbc86d0b34e0f2951;p=thirdparty%2Fbugzilla.git

Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn't fail taint checks.
2rx=bbaetz
---

diff --git a/CGI.pl b/CGI.pl
index 8e8da58712..4eeeaf5d26 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -276,8 +276,9 @@ sub ValidateBugID {
     $id = trim($id);
     
     # If the ID isn't a number, it might be an alias, so try to convert it.
-    if ($id !~ /^[1-9][0-9]*$/) {
-        $id = BugAliasToID($id);
+    my $alias = $id;
+    if (!detaint_natural($id)) {
+        $id = BugAliasToID($alias);
         if (!$id) {
             my $html_id = html_quote($_[0]);
             my $alias_specific_message = Param("usebugaliases") ?