authorlpsolit%gmail.com <>2008-05-05 05:05:48 +0000
committerlpsolit%gmail.com <>2008-05-05 05:05:48 +0000
commitecaf3819ef8907f91134d61453f4e31e630c3c30 (patch)
tree644bfd5c07bc7365ba798002ec4bd8b6f3a751af /show_bug.cgi
parentBug 419188: [SECURITY] email_in.pl lets you set the changer as @reporter inst... (diff)
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
Diffstat (limited to 'show_bug.cgi')
-rwxr-xr-xshow_bug.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/show_bug.cgi b/show_bug.cgi
index 4e3aac982..782293af5 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks;
$vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)];
$vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
-my @bugids = map {$_->bug_id} @bugs;
+my @bugids = map {$_->bug_id} grep {!$_->error} @bugs;
$vars->{'bugids'} = join(", ", @bugids);
# Next bug in list (if there is one)
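Review bot: The added `grep {!$_->error}` on the `my @bugids` line has no comment marking it as a security filter, so a later cleanup could drop it as redundant. Going by the commit title, a bug object with `error` set appears to keep the raw `id` from the request as its `bug_id`, which is how unfiltered input reached the page for format=multiple. I would put `# Security: errored bugs carry the unvalidated request id as bug_id; keep them out of template output.` directly above the line. Filtering here protects only `bugids`, so it is also worth confirming that the template HTML-escapes `bugids` where it prints it, and that the other consumers of `@bugs` outside this hunk do not emit `bug_id` for errored entries.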