diff options
author | lpsolit%gmail.com <> | 2008-05-05 05:05:48 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2008-05-05 05:05:48 +0000 |
commit | ecaf3819ef8907f91134d61453f4e31e630c3c30 (patch) | |
tree | 644bfd5c07bc7365ba798002ec4bd8b6f3a751af /show_bug.cgi | |
parent | Bug 419188: [SECURITY] email_in.pl lets you set the changer as @reporter inst... (diff) | |
download | bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.gz bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.bz2 bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.zip |
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
Diffstat (limited to 'show_bug.cgi')
-rwxr-xr-x | show_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/show_bug.cgi b/show_bug.cgi index 4e3aac982..782293af5 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks; $vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)]; $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); -my @bugids = map {$_->bug_id} @bugs; +my @bugids = map {$_->bug_id} grep {!$_->error} @bugs; $vars->{'bugids'} = join(", ", @bugids); # Next bug in list (if there is one) |