aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2006-08-15 01:07:19 +0000
committermkanat%bugzilla.org <>2006-08-15 01:07:19 +0000
commitf0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8 (patch)
tree785da6aa758b69b1150f5981b4cc49bb42121000
parent5ce0b3db0853855466b43a011ce0b964e837c1b5 (diff)
downloadbugs-f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8.tar
bugs-f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8.tar.gz
bugs-f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8.tar.bz2
bugs-f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8.tar.xz
bugs-f0bcee1a9eeb42a304fcb50f0038ff4bd1e13ab8.zip
Bug 348464: votes.cgi fails with a taint error
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
-rwxr-xr-xvotes.cgi10
1 files changed, 5 insertions, 5 deletions
diff --git a/votes.cgi b/votes.cgi
index 4ff85a410..880b69a0d 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -74,14 +74,14 @@ ValidateBugID($bug_id) if defined $bug_id;
################################################################################
if ($action eq "show_bug") {
- show_bug();
+ show_bug($bug_id);
}
elsif ($action eq "show_user") {
- show_user();
+ show_user($bug_id);
}
elsif ($action eq "vote") {
record_votes() if Bugzilla->params->{'usevotes'};
- show_user();
+ show_user($bug_id);
}
else {
ThrowCodeError("unknown_action", {action => $action});
@@ -91,10 +91,10 @@ exit;
# Display the names of all the people voting for this one bug.
sub show_bug {
+ my ($bug_id) = @_;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
- my $bug_id = $cgi->param('bug_id');
ThrowCodeError("missing_bug_id") unless defined $bug_id;
@@ -115,11 +115,11 @@ sub show_bug {
# Display all the votes for a particular user. If it's the user
# doing the viewing, give them the option to edit them too.
sub show_user {
+ my ($bug_id) = @_;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->user;
my $template = Bugzilla->template;
- my $bug_id = $cgi->param('bug_id');
# If a bug_id is given, and we're editing, we'll add it to the votes list.
$bug_id ||= "";