From a4e75a434f1fbbae4b438927ae02958baad7f1b7 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Mon, 3 Nov 2003 11:31:30 +0000
Subject: [SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an administrator) can inject arbitrary SQL via the URL used to edit an existing keyword. Patch by Joel Peshkin r= justdave, zach a= justdave
---
 editkeywords.cgi | 1 +
 1 file changed, 1 insertion(+)
(limited to 'editkeywords.cgi')
diff --git a/editkeywords.cgi b/editkeywords.cgi
index 073dfbb9d..7af0c1a6c 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -126,6 +126,7 @@ unless (UserInGroup("editkeywords")) {
 my $action = trim($::FORM{action} || '');
+detaint_natural($::FORM{id});
 if ($action eq "") {
-- cgit v1.2.3-24-g4f1b
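Review bot: The result of `detaint_natural($::FORM{id})` is discarded, so when `id` is not a natural number the value is silently replaced (Bugzilla's `detaint_natural` untaints in place and returns false on no match) instead of the request being rejected, and the edit/update/delete branches below this hunk then run their SQL with an empty id. Those branches, which lie outside the hunk, should test the return value before using the id, e.g. `detaint_natural($::FORM{id}) or <abort with the script's usual error path>;` placed where the id is actually consumed. The call also runs for actions that never read `id`, so presumably a plain list or add request matches against an undefined value and, under `-w`, logs an uninitialized-value warning on every such hit — worth confirming. A one-line comment would help the next reader see why the line sits here: `# Untaint id once, up front, so every branch below can safely use it in SQL.`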