From 9e186bdd5da79077f162351d61fd1163d6cfd622 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Oct 2014 14:29:01 +0000
Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments
 r=dkl,a=sgreen

---
 userprefs.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'userprefs.cgi')

diff --git a/userprefs.cgi b/userprefs.cgi
index ad5fb7d19..1f5f625f7 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -544,7 +544,7 @@ sub SaveApiKey {
     if ($cgi->param('new_key')) {
         $vars->{new_key} = Bugzilla::User::APIKey->create({
             user_id     => $user->id,
-            description => $cgi->param('new_description'),
+            description => scalar $cgi->param('new_description'),
         });
 
         # As a security precaution, we always sent out an e-mail when
-- 
cgit v1.2.3-24-g4f1b