From: lpsolit%gmail.com <>
Date: Fri, 23 Oct 2009 15:43:13 +0000 (+0000)
Subject: Bug 523869: Insecure dependency error when trying to update some fields (problem... 
X-Git-Tag: bugzilla-3.4.3~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a38a1e6fc0fd7b3675ecc4d5de009d49c99c11b;p=thirdparty%2Fbugzilla.git

Bug 523869: Insecure dependency error when trying to update some fields (problem with multi-select custom fields) - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
---

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 64a53b8a13..19e93f42c8 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3685,6 +3685,11 @@ sub AUTOLOAD {
       $self->{_multi_selects} ||= [Bugzilla->get_fields(
           {custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
       if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+          # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+          # which taints $attr at this point. trick_taint() can go
+          # away once we require 5.10.1 or newer.
+          trick_taint($attr);
+
           $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
               "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
               undef, $self->id);