diff options
| author |   Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:29:01 +0000 |
|---|---|---|
| committer |   David Lawrence <dkl@mozilla.com> | 2014-10-06 14:29:01 +0000 |
| commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
| tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /buglist.cgi | |
| parent | Bug 1071276: Markdown comment checkbox value is not passed through properly w... (diff) | |
| download | bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.bz2 bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.zip | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi index 5e84b340b..daee34c9b 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -945,7 +945,7 @@ if (scalar(@products) == 1) { # This is used in the "Zarroo Boogs" case. elsif (my @product_input = $cgi->param('product')) { if (scalar(@product_input) == 1 and $product_input[0] ne '') { - $one_product = Bugzilla::Product->new({ name => $cgi->param('product'), cache => 1 }); + $one_product = Bugzilla::Product->new({ name => $product_input[0], cache => 1 }); } } # We only want the template to use it if the user can actually |