From 6768b59c734cc24810dd86f2806f0e99fe80648f Mon Sep 17 00:00:00 2001
From: "cyeh%bluemartini.com" <>
Date: Tue, 9 May 2000 01:12:28 +0000
Subject: Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.
---
 CGI.pl | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'CGI.pl')
diff --git a/CGI.pl b/CGI.pl
index a0f667af3..2e782b6da 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -560,6 +560,11 @@ sub quietly_check_login() {
 }
 }
 }
+ # if 'who' is passed in, verify that it's a good value
+ if ($::FORM{'who'}) {
+ my $whoid = DBname_to_id($::FORM{'who'});
+ delete $::FORM{'who'} unless $whoid;
+ }
 if (!$loginok) {
 delete $::COOKIE{"Bugzilla_login"};
 }
--
cgit v1.2.3-24-g4f1b
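Review bot: The added check passes the raw request value `$::FORM{'who'}` straight to `DBname_to_id`, whose body is not in this hunk, so the validation is only as safe as that helper's quoting of its argument and that should be confirmed before relying on it. The guard `if ($::FORM{'who'})` tests truthiness, so a value of `0` skips the lookup and stays in the form unvalidated; `if (defined $::FORM{'who'} && $::FORM{'who'} ne '')` closes that gap. A value that passes is left in place as the original string and `$whoid` is discarded, so any later code that uses `who` in a query still has to quote it; a comment such as `# 'who' is only confirmed to resolve to a user id here; it is still raw input and must be quoted wherever it is used` would make that explicit. quietly_check_login begins above the hunk and continues below it.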