From aecf0a17d1689d957bc8854e55e499839798446f Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 13 Nov 2012 18:53:55 +0100
Subject: Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports
r=dkl a=LpSolit
---
 report.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'report.cgi')
diff --git a/report.cgi b/report.cgi
index de587f143..e70dcf4b2 100755
--- a/report.cgi
+++ b/report.cgi
@@ -387,5 +387,5 @@
 sub get_field_restrictions {
 my $field = shift;
 my $cgi = Bugzilla->cgi;
- return join('&', map {"$field=$_"} $cgi->param($field));
+ return join('&', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field));
 }
--
cgit v1.2.3-24-g4f1b
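Review bot: The new `return` line URL-encodes the field name and each value, which makes the joined string safe as a query-string fragment but not as HTML, so any template that places the result inside an `href` still has to apply its HTML filter; that template is outside this hunk and cannot be checked here. A brief comment above the line would record that contract: `# URL-encode both the field name and each user-supplied value so that '&', '=' and markup characters cannot alter the query string or leak unescaped into report links.` The line also relies on `url_quote` already being in scope (presumably from Bugzilla::Util's default exports, whose `use` line is not in the hunk); if report.cgi imports it with an explicit list, `url_quote` must be added to that list. get_field_restrictions is shown in full by the hunk.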