author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 16:29:01 +0200 |
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 16:29:01 +0200 |
commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /editflagtypes.cgi | |
parent | 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff) | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'editflagtypes.cgi')
-rwxr-xr-x | editflagtypes.cgi | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index 06144fc5c..d848d250a 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -41,23 +41,24 @@ my @products = @{$vars->{products}};
 my $action = $cgi->param('action') || 'list';
 my $token = $cgi->param('token');
-my $product = $cgi->param('product');
-my $component = $cgi->param('component');
+my $prod_name = $cgi->param('product');
+my $comp_name = $cgi->param('component');
 my $flag_id = $cgi->param('id');
-if ($product) {
+my ($product, $component);
+
+if ($prod_name) {
     # Make sure the user is allowed to view this product name.
     # Users with global editcomponents privs can see all product names.
-    ($product) = grep { lc($_->name) eq lc($product) } @products;
-    $product || ThrowUserError('product_access_denied', { name => $cgi->param('product') });
+    ($product) = grep { lc($_->name) eq lc($prod_name) } @products;
+    $product || ThrowUserError('product_access_denied', { name => $prod_name });
 }
-if ($component) {
-    ($product && $product->id)
-    || ThrowUserError('flag_type_component_without_product');
-    ($component) = grep { lc($_->name) eq lc($component) } @{$product->components};
+if ($comp_name) {
+    $product || ThrowUserError('flag_type_component_without_product');
+    ($component) = grep { lc($_->name) eq lc($comp_name) } @{$product->components};
     $component || ThrowUserError('product_unknown_component',
                                  { product => $product->name,
-                                   comp => $cgi->param('component') });
+                                   comp => $comp_name });
 }
 # If 'categoryAction' is set, it has priority over 'action'. |
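Review bot: The new `my $prod_name = $cgi->param('product');` / `my $comp_name = $cgi->param('component');` lines carry the whole fix but say nothing about why the values are copied into scalars before being used in the `ThrowUserError` hash constructors, so a later edit could reintroduce an inline `$cgi->param(...)` inside `{ name => ... }`, where a multi-valued parameter is expanded in list context and can add unexpected keys. Suggest a comment above the two declarations, e.g. `# Read CGI params into scalars up front: calling $cgi->param() inside a hash or list constructor evaluates it in list context, so a repeated parameter could inject extra keys/values.` The dropped `$product->id` test is fine since `$product` is now only ever a product object from the `grep` over `@products`, and the `$product ||` guard still precedes `$product->components`. This top-level code continues past the hunk; whether other `$cgi->param` uses later in the file follow the same scalar-first pattern cannot be seen from here.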