From 3a3636a8e51513cda6979bf13c02f573d1e9737f Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 13 Nov 2012 18:56:26 +0100
Subject: Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports

r=dkl a=LpSolit
---
 report.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'report.cgi')

diff --git a/report.cgi b/report.cgi
index cc43e66e4..5d5033b7d 100755
--- a/report.cgi
+++ b/report.cgi
@@ -354,5 +354,5 @@ sub get_field_restrictions {
     my $field = shift;
     my $cgi = Bugzilla->cgi;
 
-    return join('&', map {"$field=$_"} $cgi->param($field));
+    return join('&', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field));
 }
-- 
cgit v1.2.3-24-g4f1b
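Review bot: The new `return` line depends on `url_quote`, but the hunk adds no `use Bugzilla::Util qw(url_quote)` (or equivalent); unless report.cgi already imports it, the call fails under strict at runtime, so the import should be confirmed in the surrounding file. `url_quote` makes each field name and value safe as a single query-string component, while the `&` joining them is intentionally left raw, so the template that places this string inside a link must still apply its HTML filter rather than treating the value as fully escaped for that context. A short comment above the return would keep that intent from being undone later, e.g. `# Percent-encode name and value separately; '&' is the separator and must stay raw.` The `sub get_field_restrictions` line sits just before the first hunk line, so the function's start is outside the hunk.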