Skip to content

bugzilla
bugzilla
Commit a4e75a43 authored by justdave%syndicomm.com's avatar justdave%syndicomm.com
Browse files
Options

[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an…

[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an administrator) can inject arbitrary SQL via the URL used to edit an existing keyword. Patch by Joel Peshkin <bugreport@peshkin.net> r= justdave, zach a= justdave
parent a30e5f2c
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 0 deletions
editkeywords.cgi
View file @ a4e75a43
......@@ -126,6 +126,7 @@ unless (UserInGroup("editkeywords")) {
my $action = trim($::FORM{action} || '');
detaint_natural($::FORM{id});
if ($action eq "") {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment