diff options
| author | mkanat%bugzilla.org <> | 2009-09-11 18:10:13 +0200 |
|---|---|---|
| committer | mkanat%bugzilla.org <> | 2009-09-11 18:10:13 +0200 |
| commit | 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 (patch) | |
| tree | ab2e70e86df3d8ed53a09032777e6168d674cc6c /Bugzilla/WebService/Bug.pm | |
| parent | 7fda8c351dd6c9621d85c9b29c5c6baa2f1eaba3 (diff) | |
| download | bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.gz bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.xz | |
Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
Diffstat (limited to 'Bugzilla/WebService/Bug.pm')
| -rw-r--r-- | Bugzilla/WebService/Bug.pm | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index c6d620976..44382e79f 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -258,6 +258,7 @@ sub search { } $params = _map_fields($params); + delete $params->{WHERE}; # Do special search types for certain fields. if ( my $bug_when = delete $params->{delta_ts} ) { |