From e40fae0dfa8b41780fc927f260b6cd5f1a738ae4 Mon Sep 17 00:00:00 2001
From: "jouni%heikniemi.net" <>
Date: Sun, 23 May 2004 14:32:00 +0000
Subject: Bug 224021: taint issues in editusers.cgi Patch by byron jones r=jouni, a=justdave
---
editusers.cgi | 1 +
1 file changed, 1 insertion(+)
(limited to 'editusers.cgi')
diff --git a/editusers.cgi b/editusers.cgi
index abe4b6194..f83a64984 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -323,6 +323,7 @@ if ($action eq 'list') { $query = "SELECT login_name,realname,disabledtext " . "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name"; } elsif (exists $::FORM{'group'}) { + detaint_natural($::FORM{'group'}); $query = "SELECT DISTINCT login_name,realname,disabledtext " . "FROM profiles, user_group_map WHERE profiles.userid = user_group_map.user_id AND group_id=" . $::FORM{'group'} . " ORDER BY login_name";
--
cgit v1.2.3-24-g4f1b
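Review bot: The added `detaint_natural($::FORM{'group'});` call discards its result, so a non-numeric `group` parameter is not rejected at this point; if the helper clears the value on failure (its definition is not in this hunk), the statement below would be built as `group_id= ORDER BY login_name` and fail at the database instead of producing a clear error. Checking the result, for example `detaint_natural($::FORM{'group'}) || ThrowUserError('<error_tag>');` (the tag is a placeholder), stops the request before any SQL is assembled. The preceding branch in the same hunk still concatenates `$::FORM{'query'}` into the WHERE clause unvalidated, which this commit leaves as is; it deserves a comment such as `# FIXME: raw form input reaches the WHERE clause; restrict to trusted callers or build the condition server-side`. The `if ($action eq 'list')` chain begins and continues outside the hunk, so any upstream permission check is not visible here.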