From 9e186bdd5da79077f162351d61fd1163d6cfd622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Mon, 6 Oct 2014 14:29:01 +0000 Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments r=dkl,a=sgreen --- Bugzilla/Chart.pm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm index c8cd41b52..3c69006aa 100644 --- a/Bugzilla/Chart.pm +++ b/Bugzilla/Chart.pm @@ -96,10 +96,9 @@ sub init { if ($self->{'datefrom'} && $self->{'dateto'} && $self->{'datefrom'} > $self->{'dateto'}) { - ThrowUserError("misarranged_dates", - {'datefrom' => $cgi->param('datefrom'), - 'dateto' => $cgi->param('dateto')}); - } + ThrowUserError('misarranged_dates', { 'datefrom' => scalar $cgi->param('datefrom'), + 'dateto' => scalar $cgi->param('dateto') }); + } } # Alter Chart so that the selected series are added to it. -- cgit v1.2.1