From: justdave%bugzilla.org <>
Date: Mon, 10 May 2004 23:57:11 +0000 (+0000)
Subject: Bug 204042: taint issues in perl 5.6.0 that were causing an Internal Error to ocurr... 
X-Git-Tag: bugzilla-2.18rc1~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b0e08269dce8c37b35b0433c5ff2976c6a04214;p=thirdparty%2Fbugzilla.git

Bug 204042: taint issues in perl 5.6.0 that were causing an Internal Error to ocurr after adding an attachment.
r= joel, a= justdave
---

diff --git a/attachment.cgi b/attachment.cgi
index 44a49c5f7e..83a910ee01 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -932,7 +932,13 @@ sub insert
   # Define the variables and functions that will be passed to the UI template.
   $vars->{'mailrecipients'} =  { 'changer' => $::COOKIE{'Bugzilla_login'},
                                  'owner'   => $owner };
-  $vars->{'bugid'} = $::FORM{'bugid'};
+  my $bugid = $::FORM{'bugid'};
+  detaint_natural($bugid); # don't bother with error condition, we know it'll work
+                           # because of ValidateBugID above.  This is only needed
+                           # for Perl 5.6.0.  If we ever require Perl 5.6.1 or
+                           # newer, or detaint something other than $::FORM{'bugid'}
+                           # in ValidateBugID above, then this can go away.
+  $vars->{'bugid'} = $bugid;
   $vars->{'attachid'} = $attachid;
   $vars->{'description'} = $description;
   $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};