From f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Tue, 15 Aug 2006 01:07:19 +0000
Subject: Bug 348464: votes.cgi fails with a taint error Patch By Max
 Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave

---
 votes.cgi | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'votes.cgi')

diff --git a/votes.cgi b/votes.cgi
index 4ff85a410..880b69a0d 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -74,14 +74,14 @@ ValidateBugID($bug_id) if defined $bug_id;
 ################################################################################
 
 if ($action eq "show_bug") {
-    show_bug();
+    show_bug($bug_id);
 } 
 elsif ($action eq "show_user") {
-    show_user();
+    show_user($bug_id);
 }
 elsif ($action eq "vote") {
     record_votes() if Bugzilla->params->{'usevotes'};
-    show_user();
+    show_user($bug_id);
 }
 else {
     ThrowCodeError("unknown_action", {action => $action});
@@ -91,10 +91,10 @@ exit;
 
 # Display the names of all the people voting for this one bug.
 sub show_bug {
+    my ($bug_id) = @_;
     my $cgi = Bugzilla->cgi;
     my $dbh = Bugzilla->dbh;
     my $template = Bugzilla->template;
-    my $bug_id = $cgi->param('bug_id');
 
     ThrowCodeError("missing_bug_id") unless defined $bug_id;
 
@@ -115,11 +115,11 @@ sub show_bug {
 # Display all the votes for a particular user. If it's the user
 # doing the viewing, give them the option to edit them too.
 sub show_user {
+    my ($bug_id) = @_;
     my $cgi = Bugzilla->cgi;
     my $dbh = Bugzilla->dbh;
     my $user = Bugzilla->user;
     my $template = Bugzilla->template;
-    my $bug_id = $cgi->param('bug_id');
 
     # If a bug_id is given, and we're editing, we'll add it to the votes list.
     $bug_id ||= "";
-- 
cgit v1.2.3-24-g4f1b