author | wurblzap%gmail.com <> | 2006-10-21 01:52:24 +0000 |
---|---|---|
committer | wurblzap%gmail.com <> | 2006-10-21 01:52:24 +0000 |
commit | ea2d2a47281ac947297587c2619df190bf3c23c4 (patch) | |
tree | 61367f4bdb2fa5d419a0aedd29e675b5801c3d83 /editusers.cgi | |
parent | Bug 357005: 'cf_' should not be allowed as a custom field name (diff) | |
Bug 340538: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16.
Patch by Marc Schumann <wurblzap@gmail.com>,
r=LpSolit, a=myk
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-x | editusers.cgi | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/editusers.cgi b/editusers.cgi index 19e7ea587..5f356fb40 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -257,14 +257,13 @@ if ($action eq 'search') { my @values; if ($login ne $otherUser->login) { - # Validate, then trick_taint. + # Validating untaints for us. $login || ThrowUserError('user_login_required'); validate_email_syntax($login) || ThrowUserError('illegal_email_address', {addr => $login}); is_available_username($login) || ThrowUserError('account_exists', {email => $login}); - trick_taint($login); push(@changedFields, 'login_name'); push(@values, $login); $logoutNeeded = 1; @@ -280,9 +279,8 @@ if ($action eq 'search') { push(@values, $realname); } if ($password) { - # Validate, then trick_taint. + # Validating untaints for us. validate_password($password) if $password; - trick_taint($password); push(@changedFields, 'cryptpassword'); push(@values, bz_crypt($password)); $logoutNeeded = 1; @@ -296,7 +294,6 @@ if ($action eq 'search') { $logoutNeeded = 1; } if ($disable_mail != $otherUser->email_disabled) { - trick_taint($disable_mail); push(@changedFields, 'disable_mail'); push(@values, $disable_mail); } |
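Review bot: The new comment `# Validating untaints for us.` in the `$login` branch does not say which call clears the taint, and neither `validate_email_syntax` nor `is_available_username` is defined in this hunk, so the reader has to take an in-place side effect on trust. With `trick_taint($login)` removed, the value still carries taint into `push(@values, $login)` unless one of those functions untaints its argument after a successful check, which should be confirmed against their definitions. I would name the function in the comment, for example `# validate_email_syntax() untaints $login once the syntax check passes.`, assuming that is where it happens. The `$password` hunk has the same gap with `validate_password`, and its trailing `if $password` is redundant inside `if ($password) {`. The enclosing block starts and ends outside the hunk.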
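Review bot: In the third hunk `$disable_mail` loses its `trick_taint` with no validation and no comment to replace it, unlike the `$login` and `$password` branches. Nothing visible in the hunk constrains the value before `push(@values, $disable_mail)`; the `!=` test only coerces it numerically for the comparison and does not untaint or normalise what gets stored. If the value is not already reduced to a flag earlier in the file (outside this hunk), I would do so explicitly with `$disable_mail = $disable_mail ? 1 : 0;`, which bounds the value and yields an untainted result, and add a short comment saying why no `trick_taint` is needed.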