diff options
author | justdave%syndicomm.com <> | 2001-12-30 14:46:24 +0100 |
---|---|---|
committer | justdave%syndicomm.com <> | 2001-12-30 14:46:24 +0100 |
commit | 668ec7dae535ce543f13ef5a36830da7421e1e68 (patch) | |
tree | 0d6cc71e092992eb066e89bdfa33937e6b95409f /showattachment.cgi | |
parent | d4f9c9fca320fa792f45e98204a1a7232f7c81a0 (diff) | |
download | bugzilla-668ec7dae535ce543f13ef5a36830da7421e1e68.tar.gz bugzilla-668ec7dae535ce543f13ef5a36830da7421e1e68.tar.xz |
SECURITY FIX for bug 109679: It was possible to send arbitrary SQL to buglist.cgi by altering the HTML form before submitting.
Patch by Dave Miller <justdave@syndicomm.com>
r= dkl, gerv
Diffstat (limited to 'showattachment.cgi')
0 files changed, 0 insertions, 0 deletions