From: Frédéric Buclin <LpSolit@gmail.com>
Date: Sat, 6 Feb 2010 17:44:55 +0000 (+0100)
Subject: Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field:... 
X-Git-Tag: bugzilla-3.6rc1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5a88b5c866481a7644294cba0e99d886817f840;p=thirdparty%2Fbugzilla.git

Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field::get_legal_field_values()
r/a=mkanat
---

diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm
index 53f3255d19..dc44b15f59 100644
--- a/Bugzilla/WebService/Bug.pm
+++ b/Bugzilla/WebService/Bug.pm
@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants;
 use Bugzilla::WebService::Util qw(filter validate);
 use Bugzilla::Bug;
 use Bugzilla::BugMail;
-use Bugzilla::Util qw(trim);
+use Bugzilla::Util qw(trick_taint trim);
 use Bugzilla::Version;
 use Bugzilla::Milestone;
 use Bugzilla::Status;
@@ -427,6 +427,8 @@ sub legal_values {
 
     my $values;
     if (grep($_->name eq $field, @global_selects)) {
+        # The field is a valid one.
+        trick_taint($field);
         $values = get_legal_field_values($field);
     }
     elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {