Bug 224021: taint issues in editusers.cgi

Patch by byron jones <bugzilla@glob.com.au> r=jouni, a=justdave
author: jouni%heikniemi.net <> 2004-05-23 16:32:00 +0200
committer: jouni%heikniemi.net <> 2004-05-23 16:32:00 +0200
commit: e40fae0dfa8b41780fc927f260b6cd5f1a738ae4 (patch)
tree: 1c31fe1fbf62928b94b31c4930ef7848d5106135 /editusers.cgi
parent: 39e9e3e67ce70d2fa7fefe947a6592f2541ba6ef (diff)
download: bugzilla-e40fae0dfa8b41780fc927f260b6cd5f1a738ae4.tar.gz
bugzilla-e40fae0dfa8b41780fc927f260b6cd5f1a738ae4.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/editusers.cgi b/editusers.cgi
index abe4b6194..f83a64984 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -323,6 +323,7 @@ if ($action eq 'list') {
       $query = "SELECT login_name,realname,disabledtext " .
           "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name";
     } elsif (exists $::FORM{'group'}) {
+      detaint_natural($::FORM{'group'});
       $query = "SELECT DISTINCT login_name,realname,disabledtext " .
           "FROM profiles, user_group_map WHERE profiles.userid = user_group_map.user_id
            AND group_id=" . $::FORM{'group'} . " ORDER BY login_name";
author	jouni%heikniemi.net <>	2004-05-23 16:32:00 +0200
committer	jouni%heikniemi.net <>	2004-05-23 16:32:00 +0200
commit	e40fae0dfa8b41780fc927f260b6cd5f1a738ae4 (patch)
tree	1c31fe1fbf62928b94b31c4930ef7848d5106135 /editusers.cgi
parent	39e9e3e67ce70d2fa7fefe947a6592f2541ba6ef (diff)
download	bugzilla-e40fae0dfa8b41780fc927f260b6cd5f1a738ae4.tar.gz bugzilla-e40fae0dfa8b41780fc927f260b6cd5f1a738ae4.tar.xz