Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.

author cyeh%bluemartini.com <>

Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)

committer cyeh%bluemartini.com <>

Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)
author cyeh%bluemartini.com <>
Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)
committer cyeh%bluemartini.com <>
Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)
diff --git a/CGI.pl b/CGI.pl

index a0f667af3b8c223ec63252d7526d408e8fd92849..2e782b6dad34211692546f1c02dae758aa1a999d 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -560,6 +560,11 @@ sub quietly_check_login() {
              }
          }
      }
+    # if 'who' is passed in, verify that it's a good value
+    if ($::FORM{'who'}) {
+        my $whoid = DBname_to_id($::FORM{'who'});
+        delete $::FORM{'who'} unless $whoid;
+    }
      if (!$loginok) {
          delete $::COOKIE{"Bugzilla_login"};
      }
author	cyeh%bluemartini.com <>
	Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)
committer	cyeh%bluemartini.com <>
	Tue, 9 May 2000 01:12:28 +0000 (01:12 +0000)