diff options
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-x | editproducts.cgi | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/editproducts.cgi b/editproducts.cgi index f41aaa9e5..c539465af 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -397,6 +397,11 @@ if ($action eq 'new') { # Insert default charting queries for this product. # If they aren't using charting, this won't do any harm. GetVersionTable(); + + # $::FORM{'open_name'} and $product are sqlquoted by the series + # code and never used again here, so we can trick_taint them. + trick_taint($::FORM{'open_name'}); + trick_taint($product); my @series; |