diff options
author | lpsolit%gmail.com <> | 2009-10-23 15:37:40 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-10-23 15:37:40 +0000 |
commit | f30aa492d193a0489fb0480c451f092ec819bbac (patch) | |
tree | f7ee2a0449a7ecb58f5ffcbe858b1b4b3d467b5d | |
parent | Bug 522396: Bugzilla::Product->create should do better with missing input fields (diff) | |
download | bugzilla-f30aa492d193a0489fb0480c451f092ec819bbac.tar.gz bugzilla-f30aa492d193a0489fb0480c451f092ec819bbac.tar.bz2 bugzilla-f30aa492d193a0489fb0480c451f092ec819bbac.zip |
Bug 523869: Insecure dependency error when trying to update some fields (problem with multi-select custom fields) - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
-rw-r--r-- | Bugzilla/Bug.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 98547cd95..326c9d84d 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -3709,6 +3709,11 @@ sub AUTOLOAD { $self->{_multi_selects} ||= [Bugzilla->get_fields( {custom => 1, type => FIELD_TYPE_MULTI_SELECT })]; if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) { + # There is a bug in Perl 5.10.0, which is fixed in 5.10.1, + # which taints $attr at this point. trick_taint() can go + # away once we require 5.10.1 or newer. + trick_taint($attr); + $self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref( "SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value", undef, $self->id); |