authorlpsolit%gmail.com <>2009-10-23 15:37:40 +0000
committerlpsolit%gmail.com <>2009-10-23 15:37:40 +0000
commitf30aa492d193a0489fb0480c451f092ec819bbac (patch)
treef7ee2a0449a7ecb58f5ffcbe858b1b4b3d467b5d
parentBug 522396: Bugzilla::Product->create should do better with missing input fields (diff)
Bug 523869: Insecure dependency error when trying to update some fields (problem with multi-select custom fields) - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
-rw-r--r--Bugzilla/Bug.pm5
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 98547cd95..326c9d84d 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -3709,6 +3709,11 @@ sub AUTOLOAD {
$self->{_multi_selects} ||= [Bugzilla->get_fields(
{custom => 1, type => FIELD_TYPE_MULTI_SELECT })];
if ( grep($_->name eq $attr, @{$self->{_multi_selects}}) ) {
+ # There is a bug in Perl 5.10.0, which is fixed in 5.10.1,
+ # which taints $attr at this point. trick_taint() can go
+ # away once we require 5.10.1 or newer.
+ trick_taint($attr);
+
$self->{$attr} ||= Bugzilla->dbh->selectcol_arrayref(
"SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value",
undef, $self->id);
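Review bot: The comment above `trick_taint($attr)` explains the Perl 5.10.0 bug but not why untainting is safe here, and `$attr` is interpolated directly into the table name in `"SELECT value FROM bug_$attr WHERE bug_id = ? ORDER BY value"` just below. The safety rests entirely on the preceding `grep($_->name eq $attr, @{$self->{_multi_selects}})` exact match against existing multi-select custom field names. I would add a line such as `# Safe to untaint: $attr was just matched exactly against a known multi-select field name.` so that nobody later moves the call above the check or loosens the comparison. The hunk does not show whether `trick_taint` is already imported in this file, so that should be confirmed. The body of AUTOLOAD begins and ends outside the hunk.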