Commit a4362815 authored by Frédéric Buclin's avatar Frédéric Buclin

Bug 544615: Bug.legal_values triggers an insecure dependency in…

Bug 544615: Bug.legal_values triggers an insecure dependency in Bugzilla::Field::get_legal_field_values() r/a=mkanat
parent 26a5920a
...@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants; ...@@ -32,7 +32,7 @@ use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(filter validate); use Bugzilla::WebService::Util qw(filter validate);
use Bugzilla::Bug; use Bugzilla::Bug;
use Bugzilla::BugMail; use Bugzilla::BugMail;
use Bugzilla::Util qw(trim); use Bugzilla::Util qw(trick_taint trim);
use Bugzilla::Version; use Bugzilla::Version;
use Bugzilla::Milestone; use Bugzilla::Milestone;
use Bugzilla::Status; use Bugzilla::Status;
...@@ -427,6 +427,8 @@ sub legal_values { ...@@ -427,6 +427,8 @@ sub legal_values {
my $values; my $values;
if (grep($_->name eq $field, @global_selects)) { if (grep($_->name eq $field, @global_selects)) {
# The field is a valid one.
trick_taint($field);
$values = get_legal_field_values($field); $values = get_legal_field_values($field);
} }
elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) { elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {
......
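Review bot: The `trick_taint($field)` added in the first branch of legal_values is safe only because of the exact `eq` match against the names in `@global_selects` on the line above, and the comment `# The field is a valid one.` does not record that dependency. I would spell it out, e.g. `# $field matched a name in @global_selects exactly (eq), so it is safe to untaint before the query.`, so that nobody later moves the call above the check or loosens the match to a pattern. The call is made for its side effect on `$field` itself, so the value stays untainted for the rest of the sub, which continues outside this hunk; untaint a copy if that is not intended. The `elsif` branch for PRODUCT_SPECIFIC_FIELDS is only partly visible here, so it is worth confirming whether it passes the same user-supplied value to a taint-checked query.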