Bug 160710 - Taint checking causes problem with rename function

r=joel, preed

webtools/bugzilla/template/en/default/account/prefs/prefs.html.tmpl

@@ -100,7 +100,16 @@
 <form method="post" action="userprefs.cgi">
   <input type="hidden" name="tab" value="[% current_tab.name %]">
 
-  [% PROCESS "account/prefs/${current_tab.name}.html.tmpl" IF current_tab.name.defined %]
+  [%# See bug 160710 for why this is done this way %]
+  [% IF current_tab.name == "account" %]
+    [% PROCESS "account/prefs/account.html.tmpl" %]
+  [% ELSIF current_tab.name == "email" %]
+    [% PROCESS "account/prefs/email.html.tmpl" %]
+  [% ELSIF current_tab.name == "footer" %]
+    [% PROCESS "account/prefs/footer.html.tmpl" %]
+  [% ELSIF current_tab.name == "permissions" %]
+    [% PROCESS "account/prefs/permissions.html.tmpl" %]
+  [% END %]
 
   [% IF current_tab.saveable %]
     <input type="hidden" name="dosave" value="1">

webtools/bugzilla/userprefs.cgi

@@ -370,6 +370,9 @@ $vars->{'changes_saved'} = $::FORM{'dosave'};
 
 my $current_tab_name = $::FORM{'tab'} || "account";
 
+# The SWITCH below makes sure that this is valid
+trick_taint($current_tab_name);
+
 $vars->{'current_tab_name'} = $current_tab_name;
 
 # Do any saving, and then display the current tab.
@@ -393,6 +396,8 @@ SWITCH: for ($current_tab_name) {
         DoPermissions();
         last SWITCH;
     };
+    ThrowUserError("Unknown tab <code>" . html_quote($current_tab_name)
+                   . "</code>");
 }
 
 # Generate and return the UI (HTML page) from the appropriate template.