diff options
| author | lpsolit%gmail.com <> | 2008-05-05 07:05:48 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2008-05-05 07:05:48 +0200 |
| commit | ecaf3819ef8907f91134d61453f4e31e630c3c30 (patch) | |
| tree | 644bfd5c07bc7365ba798002ec4bd8b6f3a751af /show_bug.cgi | |
| parent | fd87911bb05e072c61628bd313579d06e95f2525 (diff) | |
| download | bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.gz bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.xz | |
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
Diffstat (limited to 'show_bug.cgi')
| -rwxr-xr-x | show_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/show_bug.cgi b/show_bug.cgi index 4e3aac982..782293af5 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks; $vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)]; $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); -my @bugids = map {$_->bug_id} @bugs; +my @bugids = map {$_->bug_id} grep {!$_->error} @bugs; $vars->{'bugids'} = join(", ", @bugids); # Next bug in list (if there is one) |