From: lpsolit%gmail.com <>
Date: Tue, 21 Feb 2006 07:32:08 +0000 (+0000)
Subject: [SECURITY] editparams.cgi doesn't check whether 'whinedays' and 'mostfreqthreshold... 
X-Git-Tag: bugzilla-2.22rc1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39e8d6dc7a8371433d8260b86ebc12396da1de7a;p=thirdparty%2Fbugzilla.git

[SECURITY] editparams.cgi doesn't check whether 'whinedays' and 'mostfreqthreshold' are numeric - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=justdave
---

diff --git a/Bugzilla/Config/MTA.pm b/Bugzilla/Config/MTA.pm
index 61569e2d3e..50aa8c85d2 100644
--- a/Bugzilla/Config/MTA.pm
+++ b/Bugzilla/Config/MTA.pm
@@ -104,7 +104,8 @@ Configure bugmail: %urlbase%userprefs.cgi?tab=email
   {
    name => 'whinedays',
    type => 't',
-   default => 7
+   default => 7,
+   checker => \&check_numeric
   },
 
   {
diff --git a/Bugzilla/Config/Query.pm b/Bugzilla/Config/Query.pm
index b86339fc91..e3996a0eef 100644
--- a/Bugzilla/Config/Query.pm
+++ b/Bugzilla/Config/Query.pm
@@ -51,7 +51,8 @@ sub get_param_list {
   {
    name => 'mostfreqthreshold',
    type => 't',
-   default => '2'
+   default => '2',
+   checker => \&check_numeric
   },
 
   {