Bug 208647: Fixes taint error in add new products code.

Patch by jpyeron@pyerotechnics.com (Jason Pyeron) r= bbaetz, a= justdave git-svn-id: svn://10.0.0.236/trunk@148384 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-26 02:37:48 +00:00 · 2003-10-26 02:37:48 +00:00 · cf505a1184
commit cf505a1184
parent bf01efe92a
1 changed files with 9 additions and 2 deletions
--- a/mozilla/webtools/bugzilla/editproducts.cgi
+++ b/mozilla/webtools/bugzilla/editproducts.cgi
@ -337,8 +337,15 @@ if ($action eq 'new') {
            SqlQuote($product) . "," .
            SqlQuote($description) . "," .
            SqlQuote($milestoneurl) . "," .
-            $disallownew . "," .
-            "$votesperuser, $maxvotesperbug, $votestoconfirm, " .
+            # had tainting issues under cygwin, IIS 5.0, perl -T %s %s
+            # see bug 208647. http://bugzilla.mozilla.org/show_bug.cgi?id=208647
+            # had to de-taint $disallownew, $votesperuser, $maxvotesperbug,
+            #  and $votestoconfirm w/ SqlQuote()
+            # - jpyeron@pyerotechnics.com
+            SqlQuote($disallownew) . "," .
+            SqlQuote($votesperuser) . "," .
+            SqlQuote($maxvotesperbug) . "," .
+            SqlQuote($votestoconfirm) . "," .
            SqlQuote($defaultmilestone) . ")");
    SendSQL("SELECT LAST_INSERT_ID()");
    my $product_id = FetchOneColumn();