git.ipfire.org Git - thirdparty/bugzilla.git/commit

]> git.ipfire.org Git - thirdparty/bugzilla.git/commit

projects / thirdparty / bugzilla.git / commit

author	justdave%syndicomm.com <>
	Mon, 3 Nov 2003 11:44:38 +0000 (11:44 +0000)
committer	justdave%syndicomm.com <>
	Mon, 3 Nov 2003 11:44:38 +0000 (11:44 +0000)
commit	3721adcbb24af056e245622f2fc4bdfabe97965e
tree	c041f3025d31f156342ad97754cff33699f397cd	tree \| snapshot
parent	915041acc095f839a59127b936392bdd46b95da8	commit \| diff

[SECURITY] Bug 214290: A user with 'editproducts' privileges (i.e. usually an administrator) can select arbitrary SQL to be run by the nightly statistics cron job (collectstats.pl), by giving a product a special name.
Patch by Dave Miller <justdave@bugzilla.org>
r= gerv, bbaetz a= justdave

collectstats.pl

diff | blob | blame | history

Mirror of https://github.com/bugzilla/bugzilla.git

RSS Atom