aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-10-05 02:47:28 +0000
committerlpsolit%gmail.com <>2006-10-05 02:47:28 +0000
commit8d5dd5786873437f9fa840679cd94172e8ca30f1 (patch)
tree7c3d8599dfe32aa1326c2a2b50de1f22bb08f8d0 /buglist.cgi
parentBug 351178 renamed Bugzilla.get_version to Bugzilla.version and omitted (diff)
downloadbugzilla-8d5dd5786873437f9fa840679cd94172e8ca30f1.tar.gz
bugzilla-8d5dd5786873437f9fa840679cd94172e8ca30f1.tar.bz2
bugzilla-8d5dd5786873437f9fa840679cd94172e8ca30f1.zip
Bug 355230: [PostgreSQL] Crash if sharer_id is not an integer - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-xbuglist.cgi3
1 files changed, 2 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi
index d226ec8a8..44565f1af 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -221,8 +221,9 @@ sub LookupNamedQuery {
$name || ThrowUserError("query_name_missing");
trick_taint($name);
if ($sharer_id) {
- trick_taint($sharer_id);
$owner_id = $sharer_id;
+ detaint_natural($owner_id);
+ $owner_id || ThrowUserError('illegal_user_id', {'userid' => $sharer_id});
}
else {
$owner_id = $user->id;