De-tainting a number
    David Miller 
    justdave at syndicomm.com
       
    Fri Jul 25 15:05:28 UTC 2003
    
    
  
On 7/25/2003 3:10 PM +0100, Mark Ingram wrote:
> I have the following line:
>
> 	SendSQL("INSERT INTO bugs (reg_test) VALUES (" .
> SqlQuote($reg_test) . ")
> WHERE bug_id = $bugid");
>
> which isn't working obviously because the $bugid is still tainted. How do I
> de-taint a number?

detaint_natural($bugid) || ThrowUserError("invalid_bug_id");

You'll have to double-check the error tag, I don't remember them all.  The
errors are in template/en/default/global/user-error.html.tmpl
-- 
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
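
Added example, not part of the original message and not Bugzilla's source: a sketch of what a call like detaint_natural($bugid) does under Perl's taint mode, namely validate the value against a digits-only pattern and replace it with the regex capture, which Perl treats as untainted. The name detaint_natural_sketch and the sample inputs are assumptions made up for illustration; run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint checks are only active under -T; without it tainted() is always false.
die "run as: perl -T $0\n" unless ${^TAINT};

# Hypothetical stand-in for the detaint_natural() call in the reply above
# (assumption: not Bugzilla's own code). Accepts only a string of ASCII digits.
# On success the caller's variable is replaced, through the @_ alias, with the
# regex capture, which Perl does not mark as tainted. On failure the variable
# is set to undef so a rejected value cannot be used by accident.
sub detaint_natural_sketch {
    if (defined $_[0] && $_[0] =~ /\A([0-9]+)\z/) {
        $_[0] = $1;
        return 1;
    }
    $_[0] = undef;
    return 0;
}

# Zero-length tainted string: appending it taints a value without changing it.
my $TAINT = substr($^X, 0, 0);

# Constructed sample inputs standing in for a bug id taken from a request.
for my $raw ('1234', '12abc', '-5', ' 42', '') {
    my $bugid  = $raw . $TAINT;
    my $before = tainted($bugid) ? 'tainted' : 'clean';
    if (detaint_natural_sketch($bugid)) {
        my $after = tainted($bugid) ? 'tainted' : 'clean';
        printf "%-8s %s -> %s, usable as bug id %s\n",
            "'$raw'", $before, $after, $bugid;
    }
    else {
        # This is the branch where the caller raises its user error.
        printf "%-8s %s -> rejected\n", "'$raw'", $before;
    }
}
```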
    
    