From: bugreport%peshkin.net <>
Date: Sat, 10 Jul 2004 15:03:15 +0000 (+0000)
Subject: Bug 237627: Validate dataset name in reports.cgi
X-Git-Tag: bugzilla-2.18rc1~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51bfafc74aa20129399ffe076ee526cb745dc371;p=thirdparty%2Fbugzilla.git

Bug 237627: Validate dataset name in reports.cgi
patch by teemu
r=justdave
a=justdave
---

diff --git a/reports.cgi b/reports.cgi
index 01ce992772..685b16418d 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -234,7 +234,7 @@ sub chart_image_name {
     # Instead, just require that each field name consists only of letters
     # and number
 
-    if ($datasets !~ m/[A-Za-z0-9:]/) {
+    if ($datasets !~ m/^[A-Za-z0-9:]+$/) {
         die "Invalid datasets $datasets";
     }