From ecaf3819ef8907f91134d61453f4e31e630c3c30 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 5 May 2008 05:05:48 +0000
Subject: Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin r=mkanat r=wurblzap a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 show_bug.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'show_bug.cgi')
diff --git a/show_bug.cgi b/show_bug.cgi
index 4e3aac982..782293af5 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks;
 $vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)];
 $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
-my @bugids = map {$_->bug_id} @bugs;
+my @bugids = map {$_->bug_id} grep {!$_->error} @bugs;
 $vars->{'bugids'} = join(", ", @bugids);
 # Next bug in list (if there is one)
-- cgit v1.2.3-24-g4f1b
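Review bot: The added `grep {!$_->error}` on the `my @bugids` line carries no comment marking it as a security filter, so a later cleanup could drop it as redundant. Going by the commit subject, ids reached the page unfiltered for format=multiple; presumably a bug object with `error` set still holds the raw request value as its `bug_id`, though that is not visible in this hunk. I would add `# SECURITY: bugs that failed to load may carry an unvalidated id; keep them out of the list` directly above the line. It is also worth confirming that the template which prints `bugids` HTML-escapes the value, so the output does not depend on this filter alone.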