From: jocuri%softhome.net <>
Date: Wed, 16 Jun 2004 20:45:37 +0000 (+0000)
Subject: Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron... 
X-Git-Tag: bugzilla-2.18rc1~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f67f57a7b01c0284dffbd90c93d8bc079266389b;p=thirdparty%2Fbugzilla.git

Patch for bug 246328: make editmilestone check for invalid sortkeys; patch by Byron Jones (glob) <bugzilla@glob.com.au>; r=vladd; a=justdave.
---

diff --git a/editmilestones.cgi b/editmilestones.cgi
index 5100577eed..e9ec0ed920 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -519,6 +519,12 @@ if ($action eq 'update') {
                          products WRITE");
 
     if ($sortkey != $sortkeyold) {
+        if (!detaint_natural($sortkey)) {
+            print "The sortkey for a milestone must be a number. Please press\n";
+            print "<b>Back</b> and try again.\n";
+            PutTrailer($localtrailer);
+            exit;
+        }
         SendSQL("UPDATE milestones SET sortkey=$sortkey
                  WHERE product_id=" . $product_id . "
                    AND value=" . SqlQuote($milestoneold));