[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an adminis...

Patch by Joel Peshkin <bugreport@peshkin.net>
r= justdave, zach   a= justdave

diff --git a/editkeywords.cgi b/editkeywords.cgi
index 51294206dcb11aef5d7ebb2a1d93084dc0d95f1a..2dbbeb6f3c1409786998038d22f3ca045145c62f 100755 (executable)
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -123,6 +123,7 @@ unless (UserInGroup("editkeywords")) {
 
 
 my $action  = trim($::FORM{action}  || '');
+detaint_natural($::FORM{id});
 
 
 if ($action eq "") {