diff options
author | mkanat%bugzilla.org <> | 2006-08-15 01:10:13 +0000 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2006-08-15 01:10:13 +0000 |
commit | 10ece7637657f06eea27bb1ab06da35ca8a78765 (patch) | |
tree | 8dd0beda369843499416f34bcdf18f202892d58b /editkeywords.cgi | |
parent | Bug 348464: votes.cgi fails with a taint error (diff) | |
download | bugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.tar.gz bugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.tar.bz2 bugzilla-10ece7637657f06eea27bb1ab06da35ca8a78765.zip |
Bug 348529: Editing keywords results in a "Software Error"
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Diffstat (limited to 'editkeywords.cgi')
-rwxr-xr-x | editkeywords.cgi | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/editkeywords.cgi b/editkeywords.cgi index 7b94dbbe3..f2403c372 100755 --- a/editkeywords.cgi +++ b/editkeywords.cgi @@ -34,6 +34,25 @@ my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; my $vars = {}; +sub Validate { + my ($name, $description) = @_; + if ($name eq "") { + ThrowUserError("keyword_blank_name"); + } + if ($name =~ /[\s,]/) { + ThrowUserError("keyword_invalid_name"); + } + if ($description eq "") { + ThrowUserError("keyword_blank_description"); + } + # It is safe to detaint these values as they are only + # used in placeholders. + trick_taint($name); + $_[0] = $name; + trick_taint($description); + $_[1] = $description; +} + sub ValidateKeyID { my $id = shift; |