From 9e186bdd5da79077f162351d61fd1163d6cfd622 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Oct 2014 14:29:01 +0000
Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments
 r=dkl,a=sgreen

---
 editgroups.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'editgroups.cgi')

diff --git a/editgroups.cgi b/editgroups.cgi
index 9c33a0ee3..287ac1114 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -224,7 +224,7 @@ if ($action eq 'new') {
 
 if ($action eq 'del') {
     # Check that an existing group ID is given
-    my $group = Bugzilla::Group->check({ id => $cgi->param('group') });
+    my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') });
     $group->check_remove({ test_only => 1 });
     $vars->{'shared_queries'} =
         $dbh->selectrow_array('SELECT COUNT(*)
@@ -248,7 +248,7 @@ if ($action eq 'del') {
 if ($action eq 'delete') {
     check_token_data($token, 'delete_group');
     # Check that an existing group ID is given
-    my $group = Bugzilla::Group->check({ id => $cgi->param('group') });
+    my $group = Bugzilla::Group->check({ id => scalar $cgi->param('group') });
     $vars->{'name'} = $group->name;
     $group->remove_from_db({
         remove_from_users => scalar $cgi->param('removeusers'),
-- 
cgit v1.2.3-24-g4f1b