Bug 224021: taint issues in editusers.cgi

Patch by byron jones <bugzilla@glob.com.au> r=jouni, a=justdave

Bug 224021: taint issues in editusers.cgi
e40fae0d · jouni%heikniemi.net · 39e9e3e6 · e40fae0d
Commit e40fae0d authored May 23, 2004 by jouni%heikniemi.net
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

editusers.cgi editusers.cgi +1 -0

No files found.
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -323,6 +323,7 @@ if ($action eq 'list') {
      $query = "SELECT login_name,realname,disabledtext " .
          "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name";
    } elsif (exists $::FORM{'group'}) {
+      detaint_natural($::FORM{'group'});
      $query = "SELECT DISTINCT login_name,realname,disabledtext " .
          "FROM profiles, user_group_map WHERE profiles.userid = user_group_map.user_id
           AND group_id=" . $::FORM{'group'} . " ORDER BY login_name";