From 5a38a1e6fc0fd7b3675ecc4d5de009d49c99c11b Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 23 Oct 2009 15:43:13 +0000
Subject: [PATCH] =?utf8?q?Bug=20523869:=20Insecure=20dependency=20error=20?=
 =?utf8?q?when=20trying=20to=20update=20some=20fields=20(problem=20with=20?=
 =?utf8?q?multi-select=20custom=20fields)=20-=20Patch=20by=20Fr=C3=83?=
 =?utf8?q?=C2=A9d=C3=83=C2=A9ric=20Buclin=20<LpSolit@gmail.com>=20r/a=3Dmk?=
 =?utf8?q?anat?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Bug.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 64a53b8a13..19e93f42c8 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3685,6 +3685,11 @@ sub AUTOLOAD {
       $self->{_multi_selects} ||= [Bugzilla->get_fields(
           {custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
       if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+          # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+          # which taints $attr at this point. trick_taint() can go
+          # away once we require 5.10.1 or newer.
+          trick_taint($attr);
+
           $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
               "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
               undef, $self->id);
-- 
2.47.2