diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 16:25:06 +0200 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 16:25:06 +0200 |
| commit | ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad (patch) | |
| tree | 3708d76568e9b7152fbb8dbe8c1b7b5690b8394c /buglist.cgi | |
| parent | b07267acd0301aef84aa74fc4aea39481cea6ad5 (diff) | |
| download | bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.gz bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.xz | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'buglist.cgi')
| -rwxr-xr-x | buglist.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/buglist.cgi b/buglist.cgi index faeb56176..a7eb98df5 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -1014,7 +1014,7 @@ if (scalar(@products) == 1) { # This is used in the "Zarroo Boogs" case. elsif (my @product_input = $cgi->param('product')) { if (scalar(@product_input) == 1 and $product_input[0] ne '') { - $one_product = new Bugzilla::Product({ name => $cgi->param('product') }); + $one_product = new Bugzilla::Product({ name => $product_input[0] }); } } # We only want the template to use it if the user can actually |