From: cyeh%bluemartini.com <>
Date: Tue, 9 May 2000 01:12:28 +0000 (+0000)
Subject: Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.
X-Git-Tag: bugzilla-2.12~301
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6768b59c734cc24810dd86f2806f0e99fe80648f;p=thirdparty%2Fbugzilla.git

Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.
---

diff --git a/CGI.pl b/CGI.pl
index a0f667af3b..2e782b6dad 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -560,6 +560,11 @@ sub quietly_check_login() {
             }
         }
     }
+    # if 'who' is passed in, verify that it's a good value
+    if ($::FORM{'who'}) {
+        my $whoid = DBname_to_id($::FORM{'who'});
+        delete $::FORM{'who'} unless $whoid;
+    }
     if (!$loginok) {
         delete $::COOKIE{"Bugzilla_login"};
     }