Bug 1075578: [SECURITY] Improper filtering of CGI arguments

r=dkl,a=sgreen
author: Frédéric Buclin <LpSolit@gmail.com> 2014-10-06 14:29:01 +0000
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 14:29:01 +0000
commit: 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree: 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /userprefs.cgi
parent: 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download: bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar
bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz
bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.bz2
bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz
bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index ad5fb7d19..1f5f625f7 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -544,7 +544,7 @@ sub SaveApiKey {
     if ($cgi->param('new_key')) {
         $vars->{new_key} = Bugzilla::User::APIKey->create({
             user_id     => $user->id,
-            description => $cgi->param('new_description'),
+            description => scalar $cgi->param('new_description'),
         });
 
         # As a security precaution, we always sent out an e-mail when
author	Frédéric Buclin <LpSolit@gmail.com>	2014-10-06 14:29:01 +0000
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 14:29:01 +0000
commit	9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree	3ddcb53698d5f608dd9228b1632481f4a0fcc04f /userprefs.cgi
parent	553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download	bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.bz2 bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz bugs-9e186bdd5da79077f162351d61fd1163d6cfd622.zip