summaryrefslogtreecommitdiffstats
path: root/extensions/GuidedBugEntry
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2014-04-02 16:21:12 +0200
committerByron Jones <glob@mozilla.com>2014-04-02 16:21:12 +0200
commitb9793ff0f4ad8d2ec4b26a8216e0484d5accf79f (patch)
tree88ea20d0cb324a8ec3280f77bd5225ae04555141 /extensions/GuidedBugEntry
parentf8a258de8911f3e1035739c105bec1fa94a6d7db (diff)
downloadbugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.gz
bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.xz
Bug 987940: arbitrary product name (text) injection in guided workflow
Diffstat (limited to 'extensions/GuidedBugEntry')
-rw-r--r--extensions/GuidedBugEntry/web/js/guided.js2
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/GuidedBugEntry/web/js/guided.js b/extensions/GuidedBugEntry/web/js/guided.js
index 5cb2839d2..b28c59d77 100644
--- a/extensions/GuidedBugEntry/web/js/guided.js
+++ b/extensions/GuidedBugEntry/web/js/guided.js
@@ -212,6 +212,8 @@ var product = {
data = YAHOO.lang.JSON.parse(res.responseText);
if (data.error)
throw(data.error.message);
+ if (data.result.products.length == 0)
+ document.location.href = 'enter_bug.cgi?format=guided';
product.details = data.result.products[0];
bugForm.onProductUpdated();
} catch (err) {