From: lpsolit%gmail.com <>
Date: Fri, 23 Oct 2009 15:37:40 +0000 (+0000)
Subject: Bug 523869: Insecure dependency error when trying to update some fields (problem... 
X-Git-Tag: bugzilla-3.5.1~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f30aa492d193a0489fb0480c451f092ec819bbac;p=thirdparty%2Fbugzilla.git

Bug 523869: Insecure dependency error when trying to update some fields (problem with multi-select custom fields) - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
---

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 98547cd95b..326c9d84d0 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3709,6 +3709,11 @@ sub AUTOLOAD {
       $self->{_multi_selects} ||= [Bugzilla->get_fields(
           {custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
       if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+          # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+          # which taints $attr at this point. trick_taint() can go
+          # away once we require 5.10.1 or newer.
+          trick_taint($attr);
+
           $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
               "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
               undef, $self->id);