authorwurblzap%gmail.com <>2006-10-21 01:52:24 +0000
committerwurblzap%gmail.com <>2006-10-21 01:52:24 +0000
commitea2d2a47281ac947297587c2619df190bf3c23c4 (patch)
tree61367f4bdb2fa5d419a0aedd29e675b5801c3d83 /editusers.cgi
parentBug 357005: 'cf_' should not be allowed as a custom field name (diff)
downloadbugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.gz
bugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.bz2
bugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.zip
Bug 340538: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16.
Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi7
1 files changed, 2 insertions, 5 deletions
diff --git a/editusers.cgi b/editusers.cgi
index 19e7ea587..5f356fb40 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -257,14 +257,13 @@ if ($action eq 'search') {
my @values;
if ($login ne $otherUser->login) {
- # Validate, then trick_taint.
+ # Validating untaints for us.
$login || ThrowUserError('user_login_required');
validate_email_syntax($login)
|| ThrowUserError('illegal_email_address', {addr => $login});
is_available_username($login)
|| ThrowUserError('account_exists', {email => $login});
- trick_taint($login);
push(@changedFields, 'login_name');
push(@values, $login);
$logoutNeeded = 1;
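Review bot: The new comment `# Validating untaints for us.` does not say which of the three checks clears the taint on `$login`, and none of them is defined in this hunk; presumably it is `validate_email_syntax` modifying its argument in place. If `$login` later reaches the mailer exec named in the commit title (not visible here), that validator's pattern becomes what taint mode relies on, so the comment should name it, e.g. `# validate_email_syntax() untaints $login on success; it must run before $login is used.` The same implicit reliance applies to `$password` in the second hunk, and the third hunk drops `trick_taint($disable_mail)` with no validation visible at all, so it is worth confirming that `$disable_mail` is normalised to 0/1 where it is read. The enclosing `if ($action eq ...)` block starts and ends outside the hunk.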
@@ -280,9 +279,8 @@ if ($action eq 'search') {
push(@values, $realname);
}
if ($password) {
- # Validate, then trick_taint.
+ # Validating untaints for us.
validate_password($password) if $password;
- trick_taint($password);
push(@changedFields, 'cryptpassword');
push(@values, bz_crypt($password));
$logoutNeeded = 1;
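Review bot: `validate_password($password) if $password;` discards the return value and repeats the condition of the enclosing `if ($password)`, whereas the login checks in the first hunk use `|| ThrowUserError(...)`. With `trick_taint` removed, the comment only holds if `validate_password` both throws on a rejected password and untaints its argument, and neither is visible in this hunk. If it returned false instead, an unvalidated value would go straight to `bz_crypt($password)`. Once that is confirmed, I would write `validate_password($password);` and reword the comment to `# validate_password() throws on failure and untaints $password.`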
@@ -296,7 +294,6 @@ if ($action eq 'search') {
$logoutNeeded = 1;
}
if ($disable_mail != $otherUser->email_disabled) {
- trick_taint($disable_mail);
push(@changedFields, 'disable_mail');
push(@values, $disable_mail);
}