Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.

author: cyeh%bluemartini.com <> 2000-05-09 03:12:28 +0200
committer: cyeh%bluemartini.com <> 2000-05-09 03:12:28 +0200
commit: 6768b59c734cc24810dd86f2806f0e99fe80648f (patch)
tree: d620fcdf46052f51c8e2f1b15bae7c7c4eef9638 /CGI.pl
parent: f06cbb717b9c06411f2b7627cdd249f4d5aba469 (diff)
download: bugzilla-6768b59c734cc24810dd86f2806f0e99fe80648f.tar.gz
bugzilla-6768b59c734cc24810dd86f2806f0e99fe80648f.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/CGI.pl b/CGI.pl
index a0f667af3..2e782b6da 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -560,6 +560,11 @@ sub quietly_check_login() {
             }
         }
     }
+    # if 'who' is passed in, verify that it's a good value
+    if ($::FORM{'who'}) {
+        my $whoid = DBname_to_id($::FORM{'who'});
+        delete $::FORM{'who'} unless $whoid;
+    }
     if (!$loginok) {
         delete $::COOKIE{"Bugzilla_login"};
     }
author	cyeh%bluemartini.com <>	2000-05-09 03:12:28 +0200
committer	cyeh%bluemartini.com <>	2000-05-09 03:12:28 +0200
commit	6768b59c734cc24810dd86f2806f0e99fe80648f (patch)
tree	d620fcdf46052f51c8e2f1b15bae7c7c4eef9638 /CGI.pl
parent	f06cbb717b9c06411f2b7627cdd249f4d5aba469 (diff)
download	bugzilla-6768b59c734cc24810dd86f2806f0e99fe80648f.tar.gz bugzilla-6768b59c734cc24810dd86f2806f0e99fe80648f.tar.xz