From 9e186bdd5da79077f162351d61fd1163d6cfd622 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 6 Oct 2014 14:29:01 +0000 Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments r=dkl,a=sgreen --- buglist.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'buglist.cgi') diff --git a/buglist.cgi b/buglist.cgi index 5e84b340b..daee34c9b 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -945,7 +945,7 @@ if (scalar(@products) == 1) { # This is used in the "Zarroo Boogs" case. elsif (my @product_input = $cgi->param('product')) { if (scalar(@product_input) == 1 and $product_input[0] ne '') { - $one_product = Bugzilla::Product->new({ name => $cgi->param('product'), cache => 1 }); + $one_product = Bugzilla::Product->new({ name => $product_input[0], cache => 1 }); } } # We only want the template to use it if the user can actually -- cgit v1.2.3-24-g4f1b