From: lpsolit%gmail.com <>
Date: Sat, 11 Mar 2006 09:09:22 +0000 (+0000)
Subject: Bug 329334: User::match_field() may redirect you outside your Bugzilla installation... 
X-Git-Tag: bugzilla-2.22~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=081426c2cb0ccb5ffd0693354a0a8ff6ffe6b740;p=thirdparty%2Fbugzilla.git

Bug 329334: User::match_field() may redirect you outside your Bugzilla installation - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=myk
---

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 7288ab30e8..baf67f6983 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1091,7 +1091,7 @@ sub match_field {
     my $template = Bugzilla->template;
     my $vars = {};
 
-    $vars->{'script'}        = $ENV{'SCRIPT_NAME'}; # for self-referencing URLs
+    $vars->{'script'}        = Bugzilla->cgi->url(-relative => 1); # for self-referencing URLs
     $vars->{'fields'}        = $fields; # fields being matched
     $vars->{'matches'}       = $matches; # matches that were made
     $vars->{'matchsuccess'}  = $matchsuccess; # continue or fail