diff options
author | Byron Jones <glob@mozilla.com> | 2014-04-02 16:21:12 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-04-02 16:21:12 +0200 |
commit | b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f (patch) | |
tree | 88ea20d0cb324a8ec3280f77bd5225ae04555141 /extensions/GuidedBugEntry | |
parent | f8a258de8911f3e1035739c105bec1fa94a6d7db (diff) | |
download | bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.gz bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.xz |
Bug 987940: arbitrary product name (text) injection in guided workflow
Diffstat (limited to 'extensions/GuidedBugEntry')
-rw-r--r-- | extensions/GuidedBugEntry/web/js/guided.js | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/GuidedBugEntry/web/js/guided.js b/extensions/GuidedBugEntry/web/js/guided.js index 5cb2839d2..b28c59d77 100644 --- a/extensions/GuidedBugEntry/web/js/guided.js +++ b/extensions/GuidedBugEntry/web/js/guided.js @@ -212,6 +212,8 @@ var product = { data = YAHOO.lang.JSON.parse(res.responseText); if (data.error) throw(data.error.message); + if (data.result.products.length == 0) + document.location.href = 'enter_bug.cgi?format=guided'; product.details = data.result.products[0]; bugForm.onProductUpdated(); } catch (err) { |