Diffstat (limited to 'show_bug.cgi')
-rwxr-xr-x | show_bug.cgi | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/show_bug.cgi b/show_bug.cgi
index d4e6ea771..d2695a66f 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -20,6 +20,7 @@ use Bugzilla::Keyword;
 use Bugzilla::Bug;
 use Bugzilla::Hook;
 use Bugzilla::CGI;
+use Bugzilla::Util qw(detaint_natural);
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
@@ -37,10 +38,6 @@ my $format = $template->get_format("bug/show",
 $format_params->{format},
 $format_params->{ctype});
-if ($format_params->{format} eq 'modal') {
- $cgi->content_security_policy(Bugzilla::CGI::SHOW_BUG_MODAL_CSP());
-}
-
 # Editable, 'single' HTML bugs are treated slightly specially in a few places
 my $single = (!$format->{format} || $format->{format} ne 'multiple')
 && $format->{extension} eq 'html';
@@ -53,6 +50,13 @@ if (!$cgi->param('id') && $single) {
 exit;
 }
+if ($format_params->{format} eq 'modal') {
+ my $bug_id = $cgi->param('id');
+ detaint_natural($bug_id);
+ $cgi->content_security_policy(Bugzilla::CGI::SHOW_BUG_MODAL_CSP($bug_id));
+}
+
+
 my @bugs;
 my %marks; |
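Review bot: The return value of `detaint_natural($bug_id);` in the third hunk is ignored, so a request whose `id` is a bug alias, some other non-numeric string, or absent in a non-single format still reaches `SHOW_BUG_MODAL_CSP` with whatever the helper left in `$bug_id` (as far as I know it undefines the variable on failure). Whether the policy builder copes with an undefined argument is not visible in this diff, so I would make the fallback explicit with `my $csp_bug_id = detaint_natural($bug_id) ? $bug_id : undef;` and pass `$csp_bug_id` to the builder. A short comment such as `# only a digits-only id may be interpolated into the CSP header` would record why the check must stay ahead of the call. The hunk also adds two consecutive blank lines after the closing brace; one is enough.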