author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:29:01 +0000 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 14:29:01 +0000 |
commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /userprefs.cgi | |
parent | Bug 1071276: Markdown comment checkbox value is not passed through properly w... (diff) | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index ad5fb7d19..1f5f625f7 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -544,7 +544,7 @@ sub SaveApiKey { if ($cgi->param('new_key')) { $vars->{new_key} = Bugzilla::User::APIKey->create({ user_id => $user->id, - description => $cgi->param('new_description'), + description => scalar $cgi->param('new_description'), }); # As a security precaution, we always sent out an e-mail when |
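
Review bot: the `description => scalar $cgi->param('new_description'),` line in `SaveApiKey` has no comment explaining why `scalar` is required, so a later cleanup could drop it as redundant. Inside the `{ ... }` hash constructor, `param()` is evaluated in list context and returns every value submitted for `new_description`, so a repeated parameter would inject extra key/value pairs into the hash passed to `Bugzilla::User::APIKey->create`. Suggest a one-line comment above the line saying so, or assigning the value to a scalar first (`my $description = $cgi->param('new_description');`) so the context is explicit at the point of use. Separately, the trailing context comment reads "we always sent out an e-mail"; "send" is meant.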