Bug 987940: arbitrary product name (text) injection in guided workflow

author: Byron Jones <glob@mozilla.com> 2014-04-02 16:21:12 +0200
committer: Byron Jones <glob@mozilla.com> 2014-04-02 16:21:12 +0200
commit: b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f (patch)
tree: 88ea20d0cb324a8ec3280f77bd5225ae04555141 /extensions/GuidedBugEntry
parent: f8a258de8911f3e1035739c105bec1fa94a6d7db (diff)
download: bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.gz
bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/extensions/GuidedBugEntry/web/js/guided.js b/extensions/GuidedBugEntry/web/js/guided.js
index 5cb2839d2..b28c59d77 100644
--- a/extensions/GuidedBugEntry/web/js/guided.js
+++ b/extensions/GuidedBugEntry/web/js/guided.js
@@ -212,6 +212,8 @@ var product = {
             data = YAHOO.lang.JSON.parse(res.responseText);
             if (data.error)
               throw(data.error.message);
+            if (data.result.products.length == 0)
+              document.location.href = 'enter_bug.cgi?format=guided';
             product.details = data.result.products[0];
             bugForm.onProductUpdated();
           } catch (err) {
author	Byron Jones <glob@mozilla.com>	2014-04-02 16:21:12 +0200
committer	Byron Jones <glob@mozilla.com>	2014-04-02 16:21:12 +0200
commit	b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f (patch)
tree	88ea20d0cb324a8ec3280f77bd5225ae04555141 /extensions/GuidedBugEntry
parent	f8a258de8911f3e1035739c105bec1fa94a6d7db (diff)
download	bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.gz bugzilla-b9793ff0f4ad8d2ec4b26a8216e0484d5accf79f.tar.xz