author | terry%mozilla.org <> | 2000-03-08 02:22:41 +0000 |
---|---|---|
committer | terry%mozilla.org <> | 2000-03-08 02:22:41 +0000 |
commit | d38fe0e5cab4a7efaba8a79a22a85b0e67817441 (patch) | |
tree | d090c36e14e128eb6c65e3b4d5d576ba78647650 /showattachment.cgi | |
parent | Contribution by Eli Goldberg <eli@prometheus-music.com> -- generic (diff) | |
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
Diffstat (limited to 'showattachment.cgi')
-rwxr-xr-x | showattachment.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/showattachment.cgi b/showattachment.cgi index d5dcfb8df..4a1864b3b 100755 --- a/showattachment.cgi +++ b/showattachment.cgi @@ -29,7 +29,7 @@ ConnectToDatabase(); my @row; if (defined $::FORM{'attach_id'}) { - SendSQL("select mimetype, thedata from attachments where attach_id = $::FORM{'attach_id'}"); + SendSQL("select mimetype, thedata from attachments where attach_id =".SqlQuote($::FORM{'attach_id'}); @row = FetchSQLData(); } if (!@row) { |
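Review bot: the added `SendSQL(` line in showattachment.cgi is missing a closing parenthesis. It ends with `SqlQuote($::FORM{'attach_id'});`, which closes the SqlQuote call but not the SendSQL call, so the script will fail to compile as written; add a second `)` before the semicolon. The removed line interpolated the value unquoted, which suggests attach_id is numeric, so checking that `$::FORM{'attach_id'}` consists only of digits before building the query would be a tighter guard than quoting alone. A space after `=` in the string literal would also keep the generated SQL readable.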