Bug 523869: Insecure dependency error when trying to update some fields (problem…

Bug 523869: Insecure dependency error when trying to update some fields (problem with multi-select custom fields) - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r/a=mkanat

Bug 523869: Insecure dependency error when trying to update some fields (problem…
f30aa492 · lpsolit%gmail.com · 13e17b22 · f30aa492
Commit f30aa492 authored Oct 23, 2009 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

Bug.pm Bugzilla/Bug.pm +5 -0

No files found.
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3709,6 +3709,11 @@ sub AUTOLOAD {
      $self->{_multi_selects} ||= [Bugzilla->get_fields(
          {custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
      if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+          # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+          # which taints $attr at this point. trick_taint() can go
+          # away once we require 5.10.1 or newer.
+          trick_taint($attr);
+
          $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
              "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
              undef, $self->id);