aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2014-10-06 14:29:01 +0000
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 14:29:01 +0000
commit9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree3ddcb53698d5f608dd9228b1632481f4a0fcc04f /editflagtypes.cgi
parentBug 1071276: Markdown comment checkbox value is not passed through properly w... (diff)
downloadbugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz
bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.bz2
bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.zip
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'editflagtypes.cgi')
-rwxr-xr-xeditflagtypes.cgi21
1 files changed, 11 insertions, 10 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index 06144fc5c..d848d250a 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -41,23 +41,24 @@ my @products = @{$vars->{products}};
my $action = $cgi->param('action') || 'list';
my $token = $cgi->param('token');
-my $product = $cgi->param('product');
-my $component = $cgi->param('component');
+my $prod_name = $cgi->param('product');
+my $comp_name = $cgi->param('component');
my $flag_id = $cgi->param('id');
-if ($product) {
+my ($product, $component);
+
+if ($prod_name) {
# Make sure the user is allowed to view this product name.
# Users with global editcomponents privs can see all product names.
- ($product) = grep { lc($_->name) eq lc($product) } @products;
- $product || ThrowUserError('product_access_denied', { name => $cgi->param('product') });
+ ($product) = grep { lc($_->name) eq lc($prod_name) } @products;
+ $product || ThrowUserError('product_access_denied', { name => $prod_name });
}
-if ($component) {
- ($product && $product->id)
- || ThrowUserError('flag_type_component_without_product');
- ($component) = grep { lc($_->name) eq lc($component) } @{$product->components};
+if ($comp_name) {
+ $product || ThrowUserError('flag_type_component_without_product');
+ ($component) = grep { lc($_->name) eq lc($comp_name) } @{$product->components};
$component || ThrowUserError('product_unknown_component', { product => $product->name,
- comp => $cgi->param('component') });
+ comp => $comp_name });
}
# If 'categoryAction' is set, it has priority over 'action'.