aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2006-08-15 01:10:13 +0000
committermkanat%bugzilla.org <>2006-08-15 01:10:13 +0000
commit10ece7637657f06eea27bb1ab06da35ca8a78765 (patch)
tree8dd0beda369843499416f34bcdf18f202892d58b /editkeywords.cgi
parentBug 348464: votes.cgi fails with a taint error (diff)
downloadbugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.tar.gz
bugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.tar.bz2
bugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.zip
Bug 348529: Editing keywords results in a "Software Error"
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Diffstat (limited to 'editkeywords.cgi')
-rwxr-xr-xeditkeywords.cgi19
1 files changed, 19 insertions, 0 deletions
diff --git a/editkeywords.cgi b/editkeywords.cgi
index 7b94dbbe3..f2403c372 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -34,6 +34,25 @@ my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
+sub Validate {
+ my ($name, $description) = @_;
+ if ($name eq "") {
+ ThrowUserError("keyword_blank_name");
+ }
+ if ($name =~ /[\s,]/) {
+ ThrowUserError("keyword_invalid_name");
+ }
+ if ($description eq "") {
+ ThrowUserError("keyword_blank_description");
+ }
+ # It is safe to detaint these values as they are only
+ # used in placeholders.
+ trick_taint($name);
+ $_[0] = $name;
+ trick_taint($description);
+ $_[1] = $description;
+}
+
sub ValidateKeyID {
my $id = shift;