[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an administrator) can inject arbitrary SQL via the URL used to edit an existing keyword. Patch by Joel Peshkin <bugreport@peshkin.net> r= justdave, zach a= justdave
parent a30e5f2c
......@@ -126,6 +126,7 @@ unless (UserInGroup("editkeywords")) {
my $action = trim($::FORM{action} || '');
detaint_natural($::FORM{id});
if ($action eq "") {
......
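Review bot: The return value of detaint_natural($::FORM{id}) is discarded on the line directly after $action is assigned, so a missing or non-numeric id is not rejected at this point and the action branches that start at the following "if" still run with whatever the call leaves in $::FORM{id}. Consider testing the result for the actions that require an id and stopping with an explicit error there, so the edit path never reaches its query with an unvalidated value. The queries that consume id are outside the visible lines; if they interpolate it into the SQL string, quoting or binding it at the point of use would keep them safe even if this up-front check is later moved or removed. A one-line comment above the call naming bug 219044 would also tell the next reader why the detaint sits ahead of the action dispatch.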