summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbugreport%peshkin.net <>2004-07-10 16:12:21 +0200
committerbugreport%peshkin.net <>2004-07-10 16:12:21 +0200
commita987df219a7aa54ae2429488f9f5655402463dc5 (patch)
tree5c4c7870574439391143e1c47b38be08686585b3
parentc50567b310c406567adfc5a510adf080f9d33eb9 (diff)
downloadbugzilla-a987df219a7aa54ae2429488f9f5655402463dc5.tar.gz
bugzilla-a987df219a7aa54ae2429488f9f5655402463dc5.tar.xz
Bug 235510: Do not expose user password in URL to chart image if login required to access a chart
patch by gerv r=kiko a=justdave
-rwxr-xr-xchart.cgi3
1 files changed, 2 insertions, 1 deletions
diff --git a/chart.cgi b/chart.cgi
index b6f7f746b..d3f6f5ccc 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -284,7 +284,8 @@ sub wrap {
$vars->{'time'} = time();
$vars->{'imagebase'} = $cgi->canonicalise_query(
- "action", "action-wrap", "ctype", "format", "width", "height");
+ "action", "action-wrap", "ctype", "format", "width", "height",
+ "Bugzilla_login", "Bugzilla_password");
print "Content-Type:text/html\n\n";
$template->process("reports/chart.html.tmpl", $vars)