authorterry%mozilla.org <>2000-03-08 03:22:41 +0100
committerterry%mozilla.org <>2000-03-08 03:22:41 +0100
commitd38fe0e5cab4a7efaba8a79a22a85b0e67817441 (patch)
treed090c36e14e128eb6c65e3b4d5d576ba78647650 /reports.cgi
parent77f66018f328fe5321fa95d76515a187231ad1f0 (diff)
Patch by Brian Duggan <bduggan@oven.com> -- security improvements.
Diffstat (limited to 'reports.cgi')
-rwxr-xr-xreports.cgi8
1 files changed, 4 insertions, 4 deletions
diff --git a/reports.cgi b/reports.cgi
index 6c8ededcf..805de8da9 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -206,7 +206,7 @@ and bugs.reporter = report.userid
FIN
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
@@ -572,7 +572,7 @@ sub most_doomed_for_milestone
my $query;
$query = "select distinct assigned_to from bugs where target_milestone=\"$ms\"";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
$query .= <<FIN;
and
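Review bot: `$ms` is still interpolated into the same string-built statement on the line just above the changed one (`target_milestone=\"$ms\"`), so this hunk quotes `product` but leaves the milestone value unquoted; the same holds for `$ms` and `$person` in the next hunk at line 600. Where `$ms` and `$person` are assigned is outside the hunk — if they originate from form input like `product` does, they should go through the same helper, e.g. `$query = "select distinct assigned_to from bugs where target_milestone=" . SqlQuote($ms);`. The body of most_doomed_for_milestone starts and ends outside the hunk.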
@@ -600,7 +600,7 @@ FIN
{
my $query = "select count(bug_id) from bugs,profiles where target_milestone=\"$ms\" and userid=assigned_to and userid=\"$person\"";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'})";
}
$query .= <<FIN;
and
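Review bot: The added line carries a stray double quote after the `SqlQuote(...)` call — `".SqlQuote($::FORM{'product'})";` — which opens an unterminated string literal and will not parse, unlike the other three hunks in this commit. It should read `$query .= "and bugs.product=".SqlQuote($::FORM{'product'});`. The enclosing block starts and ends outside the hunk.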
@@ -696,7 +696,7 @@ sub most_recently_doomed
my $query;
$query = "select distinct assigned_to from bugs where bugs.bug_status='NEW' and target_milestone='' and bug_severity!='enhancement' and status_whiteboard='' and (product='Browser' or product='MailNews')";
if( $::FORM{'product'} ne "-All-" ) {
- $query .= "and bugs.product='$::FORM{'product'}'";
+ $query .= "and bugs.product=".SqlQuote($::FORM{'product'});
}
# End build up $query string