Bug 225687 - add group controls to charts, along with various other cleanups. Patch by gerv; r=joel, a=justdave.

1 files changed, 9 insertions, 3 deletions

diff --git a/editcomponents.cgi b/editcomponents.cgi
index 864986d80..865350e9b 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -34,6 +34,7 @@ require "globals.pl";
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:DEFAULT $datadir);
 use Bugzilla::Series;
+use Bugzilla::Util;
 
 # Shut up misguided -w warnings about "used only once".  For some reason,
 # "use vars" chokes on me when I try it here.
@@ -455,15 +456,20 @@ if ($action eq 'new') {
     GetVersionTable();
 
     my @series;
-    my $prodcomp = "&product=$product&component=$component";
 
+    my $prodcomp = "&product=" . url_quote($product) . 
+                   "&component=" . url_quote($component);
+                    
     # For localisation reasons, we get the title of the queries from the
     # submitted form.
     my $open_name = $cgi->param('open_name');
     my $closed_name = $cgi->param('closed_name');
     my @openedstatuses = ("UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED");
-    my $statuses = join("&", map { "bug_status=$_" } @openedstatuses) . $prodcomp;
-    my $resolved = "field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---" . $prodcomp;
+    my $statuses = 
+              join("&", map { "bug_status=" . url_quote($_) } @openedstatuses) . 
+              $prodcomp;
+    my $resolved = "field0-0-0=resolution&type0-0-0=notequals&value0-0-0=---" . 
+                   $prodcomp;
 
     # trick_taint is ok here, as these variables aren't used as a command
     # or in SQL unquoted