From: bugreport%peshkin.net <>
Date: Sat, 17 Jul 2004 08:57:14 +0000 (+0000)
Subject: Bug 251484: Fix taint error on series create when creating a new product
X-Git-Tag: bugzilla-2.18rc2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b9ef859e20f46d0820f120e3385015411e778ea;p=thirdparty%2Fbugzilla.git

Bug 251484: Fix taint error on series create when creating a new product
r=justdave
a=justdave
---

diff --git a/editproducts.cgi b/editproducts.cgi
index f41aaa9e58..c539465af0 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -397,6 +397,11 @@ if ($action eq 'new') {
         # Insert default charting queries for this product.
         # If they aren't using charting, this won't do any harm.
         GetVersionTable();
+
+        # $::FORM{'open_name'} and $product are sqlquoted by the series
+        # code and never used again here, so we can trick_taint them.
+        trick_taint($::FORM{'open_name'});
+        trick_taint($product);
     
         my @series;