Bug 1075578: [SECURITY] Improper filtering of CGI arguments

r=dkl,a=sgreen
author: Frédéric Buclin <LpSolit@gmail.com> 2014-10-06 16:29:01 +0200
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 16:29:01 +0200
commit: 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree: 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /token.cgi
parent: 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download: bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz
bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/token.cgi b/token.cgi
index 145aa5225..830ecfccb 100755
--- a/token.cgi
+++ b/token.cgi
@@ -313,7 +313,7 @@ sub confirm_create_account {
 
     my $otheruser = Bugzilla::User->create({
         login_name => $login_name, 
-        realname   => $cgi->param('realname'), 
+        realname   => scalar $cgi->param('realname'),
         cryptpassword => $password});
 
     # Now delete this token.
author	Frédéric Buclin <LpSolit@gmail.com>	2014-10-06 16:29:01 +0200
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 16:29:01 +0200
commit	9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree	3ddcb53698d5f608dd9228b1632481f4a0fcc04f /token.cgi
parent	553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download	bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz