From: bugreport%peshkin.net <>
Date: Sat, 10 Jul 2004 15:05:24 +0000 (+0000)
Subject: Bug 237627: Validate dataset names in reports.cgi
X-Git-Tag: bugzilla-2.16.6~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70aa75f98f2869f84b6118c4ea3134b70e1452e5;p=thirdparty%2Fbugzilla.git

Bug 237627: Validate dataset names in reports.cgi
patch by teemu
r=vladd
a=justdave
---

diff --git a/reports.cgi b/reports.cgi
index 2d91ebc619..eb7d5fa303 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -530,7 +530,7 @@ sub chart_image_name {
     # Instead, just require that each field name consists only of letters
     # and number
 
-    if ($FORM{'datasets'} !~ m/[A-Za-z0-9:]/) {
+    if ($FORM{'datasets'} !~ m/^[A-Za-z0-9:]+$/) {
         die "Invalid datasets $FORM{'datasets'}";
     }
     # Since we pass the tests, consider it OK