diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:29:01 +0000 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 14:29:01 +0000 |
| commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
| tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /Bugzilla | |
| parent | 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff) | |
| download | bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.bz2 bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.zip | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Chart.pm | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm index c8cd41b52..3c69006aa 100644 --- a/Bugzilla/Chart.pm +++ b/Bugzilla/Chart.pm @@ -96,10 +96,9 @@ sub init { if ($self->{'datefrom'} && $self->{'dateto'} && $self->{'datefrom'} > $self->{'dateto'}) { - ThrowUserError("misarranged_dates", - {'datefrom' => $cgi->param('datefrom'), - 'dateto' => $cgi->param('dateto')}); - } + ThrowUserError('misarranged_dates', { 'datefrom' => scalar $cgi->param('datefrom'), + 'dateto' => scalar $cgi->param('dateto') }); + } } # Alter Chart so that the selected series are added to it. |