De-tainting a number

David Miller justdave at syndicomm.com
Fri Jul 25 15:20:57 UTC 2003


On 7/25/2003 10:05 AM -0500, David Miller wrote:

> On 7/25/2003 3:10 PM +0100, Mark Ingram wrote:
>
>> I have the following line:
>>
>> 	SendSQL("INSERT INTO bugs (reg_test) VALUES (" .
>> 	        SqlQuote($reg_test) . ") WHERE bug_id = $bugid");
>>
>> which isn't working obviously because the $bugid is still tainted. How do I
>> de-taint a number?
>
> detaint_natural($bugid) || ThrowUserError("invalid_bug_id");
>
> You'll have to double-check the error tag, I don't remember them all.  The
> errors are in template/en/default/global/user-error.html.tmpl

You can do "perldoc Bugzilla::Util" from your Bugzilla directory for more
complete documentation on detaint_natural and trick_taint.
-- 
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
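
The check-and-untaint pattern discussed in this message, as an added example that is not part of the original post and is not Bugzilla's own code. The function name example_detaint_natural is hypothetical, and the sample inputs are constructed.

```perl
# Added example. Run with taint mode on:  perl -T detaint_example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for a "natural number" detaint helper (not
# Bugzilla's implementation). It accepts only ASCII digits, overwrites
# the caller's variable with the regex capture, and returns true on
# success. Perl clears the taint flag only on regex captures, so the
# pattern is the validation step and must be strict.
sub example_detaint_natural {
    if (defined $_[0] && $_[0] =~ /\A([0-9]+)\z/) {
        $_[0] = int($1);    # the capture is untainted; the original is not
        return 1;
    }
    $_[0] = undef;          # a rejected value must not stay usable
    return 0;
}

# Zero-length tainted string: appending it taints a constructed sample,
# standing in for data read from a CGI parameter.
my $TAINT = substr($^X, 0, 0);

# Constructed samples: two valid ids, then inputs that must be rejected.
# "42\n" is refused because \z, unlike $, does not allow a trailing newline.
for my $sample ('1234', '0', '12 OR 1=1', '-5', '', "42\n") {
    my $bugid  = $sample . $TAINT;
    my $before = tainted($bugid) ? 'tainted' : 'untainted';
    (my $shown = $sample) =~ s/\n/\\n/g;

    if (example_detaint_natural($bugid)) {
        my $after = tainted($bugid) ? 'tainted' : 'untainted';
        printf "%-13s %s -> accepted as %d (%s)\n",
            "'$shown'", $before, $bugid, $after;
    }
    else {
        printf "%-13s %s -> rejected, variable is now undef\n",
            "'$shown'", $before;
    }
}
```

Without -T every sample reports as untainted, because Perl only tracks taint when taint mode is enabled.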


