Fix for bug 108822: Prevent any user from changing their own groupset.

Patch by Jake <jake@acutex.net>. r=bbaetz,myk
author: myk%mozilla.org <> 2001-11-08 09:54:15 +0100
committer: myk%mozilla.org <> 2001-11-08 09:54:15 +0100
commit: faefca3cf83c24365dd29cc874024d0cb82732f9 (patch)
tree: 378cd3589cfb6ae96af347469a8ad076c82ba90c /userprefs.cgi
parent: 6f66681a7a9d326e628e3a0e70de34fa20c4bb16 (diff)
download: bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.gz
bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index bd5dcb4f2..bc0f1d672 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -495,8 +495,8 @@ sub SaveFooter {
             Error("Hmm, the $name query seems to have gone away.");
         }
     }
-    SendSQL("UPDATE profiles SET mybugslink = '" . $::FORM{'mybugslink'} .
-            "' WHERE userid = $userid");
+    SendSQL("UPDATE profiles SET mybugslink = " . SqlQuote($::FORM{'mybugslink'}) .
+            " WHERE userid = $userid");
 }
author	myk%mozilla.org <>	2001-11-08 09:54:15 +0100
committer	myk%mozilla.org <>	2001-11-08 09:54:15 +0100
commit	faefca3cf83c24365dd29cc874024d0cb82732f9 (patch)
tree	378cd3589cfb6ae96af347469a8ad076c82ba90c /userprefs.cgi
parent	6f66681a7a9d326e628e3a0e70de34fa20c4bb16 (diff)
download	bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.gz bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.xz