From 9e186bdd5da79077f162351d61fd1163d6cfd622 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Oct 2014 14:29:01 +0000
Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments
 r=dkl,a=sgreen

---
 buglist.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index 5e84b340b..daee34c9b 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -945,7 +945,7 @@ if (scalar(@products) == 1) {
 # This is used in the "Zarroo Boogs" case.
 elsif (my @product_input = $cgi->param('product')) {
     if (scalar(@product_input) == 1 and $product_input[0] ne '') {
-        $one_product = Bugzilla::Product->new({ name => $cgi->param('product'), cache => 1 });
+        $one_product = Bugzilla::Product->new({ name => $product_input[0], cache => 1 });
     }
 }
 # We only want the template to use it if the user can actually 
-- 
cgit v1.2.3-24-g4f1b