From: Dylan William Hardison <dylan@hardison.net>
Date: Fri, 4 May 2018 19:41:39 +0000 (-0400)
Subject: no bug - untaint default values in localconfig
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=779252b143809c134aae82333e8456b566b054be;p=thirdparty%2Fbugzilla.git

no bug - untaint default values in localconfig
---

diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index 7a913358c..55394bc2e 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -211,6 +211,7 @@ sub _read_localconfig_from_env {
         else {
             my $default = $var->{default};
             $localconfig{$name} = ref($default) eq 'CODE' ? $default->() : $default;
+            untaint($localconfig{$name});
         }
     }