From: lpsolit%gmail.com <>
Date: Sat, 11 Mar 2006 09:11:43 +0000 (+0000)
Subject: Bug 329334: User::match_field() may redirect you outside your Bugzilla installation... 
X-Git-Tag: bugzilla-2.20.2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc6488a1aa37b2b745496aa2619c5ea63f1318fc;p=thirdparty%2Fbugzilla.git

Bug 329334: User::match_field() may redirect you outside your Bugzilla installation - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=myk
---

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 7f2bff4c53..226c1e15c9 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -982,7 +982,7 @@ sub match_field {
     # Skip confirmation if we were told to, or if we don't need to confirm.
     return $retval if ($behavior == MATCH_SKIP_CONFIRM || !$need_confirm);
 
-    $vars->{'script'}        = $ENV{'SCRIPT_NAME'}; # for self-referencing URLs
+    $vars->{'script'}        = Bugzilla->cgi->url(-relative => 1); # for self-referencing URLs
     $vars->{'fields'}        = $fields; # fields being matched
     $vars->{'matches'}       = $matches; # matches that were made
     $vars->{'matchsuccess'}  = $matchsuccess; # continue or fail