From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 4 Aug 2010 21:56:43 +0000 (+0200)
Subject: Bug 577139: (CVE-2010-2758) [SECURITY] request.cgi and duplicates.cgi let you know... 
X-Git-Tag: bugzilla-3.6.2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a234c8636f83e268666f3123d077f36aff1d57fd;p=thirdparty%2Fbugzilla.git

Bug 577139: (CVE-2010-2758) [SECURITY] request.cgi and duplicates.cgi let you know whether a product exists or not
r=mkanat a=LpSolit
---

diff --git a/request.cgi b/request.cgi
index b54477cb19..637fb2e5f2 100755
--- a/request.cgi
+++ b/request.cgi
@@ -206,7 +206,7 @@ sub queue {
     
     # Filter results by exact product or component.
     if (defined $cgi->param('product') && $cgi->param('product') ne "") {
-        my $product = Bugzilla::Product::check_product(scalar $cgi->param('product'));
+        my $product = Bugzilla::Product->check(scalar $cgi->param('product'));
         push(@criteria, "bugs.product_id = " . $product->id);
         push(@excluded_columns, 'product') unless $cgi->param('do_union');
         if (defined $cgi->param('component') && $cgi->param('component') ne "") {