From: mkanat%kerio.com <>
Date: Fri, 8 Apr 2005 01:48:34 +0000 (+0000)
Subject: Bug 288483: Internal error  on creating attachment. (Tainted)
X-Git-Tag: bugzilla-2.18.1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c775838d20f48ed7a2ef45325c4b69a926cf00ff;p=thirdparty%2Fbugzilla.git

Bug 288483: Internal error  on creating attachment. (Tainted)
Patch By Jan Ruzicka <jan.ruzicka@comtechmobile.com> r=gavin, r=justdave, a=justdave
---

diff --git a/attachment.cgi b/attachment.cgi
index 9847dc2898..0450f3fd62 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -951,11 +951,15 @@ sub insert
                            # for Perl 5.6.0.  If we ever require Perl 5.6.1 or
                            # newer, or detaint something other than $::FORM{'bugid'}
                            # in ValidateBugID above, then this can go away.
+  my $contenttypemethod = $::FORM{'contenttypemethod'};
+  trick_taint($contenttypemethod); # Same Perl 5.6.0 hack as above
+  $contenttype = $::FORM{'contenttype'};
+  trick_taint($contenttype); # Same Perl 5.6.0 hack as above
   $vars->{'bugid'} = $bugid;
   $vars->{'attachid'} = $attachid;
   $vars->{'description'} = $description;
-  $vars->{'contenttypemethod'} = $::FORM{'contenttypemethod'};
-  $vars->{'contenttype'} = $::FORM{'contenttype'};
+  $vars->{'contenttypemethod'} = $contenttypemethod;
+  $vars->{'contenttype'} = $contenttype;
 
   print Bugzilla->cgi->header();