From: jocuri%softhome.net <>
Date: Sun, 19 Oct 2003 15:32:46 +0000 (+0000)
Subject: Bug 220332: Insecure dependency in exec while running with -T switch at process_bug... 
X-Git-Tag: bugzilla-2.16.4~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=662717cd020fecd9c1bb356ff0464b7c5e3830ec;p=thirdparty%2Fbugzilla.git

Bug 220332: Insecure dependency in exec while running with -T switch at process_bug.cgi line 1267; r=justdave,gerv; a=justdave.
---

diff --git a/process_bug.cgi b/process_bug.cgi
index aa8b668db7..205b3f3663 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -568,6 +568,8 @@ if (defined $::FORM{newcc} || defined $::FORM{removecc} || defined $::FORM{massc
         $cc_remove =~ s/[\s,]+/ /g; # Change all delimiters to a single space
         foreach my $person ( split(" ", $cc_remove) ) {
             my $pid = DBNameToIdAndCheck($person);
+            # if we got here, the DB has already verified the email
+            trick_taint($person);
             $cc_remove{$pid} = $person;
         }
     }