From: jouni%heikniemi.net <>
Date: Sun, 23 May 2004 14:32:00 +0000 (+0000)
Subject: Bug 224021: taint issues in editusers.cgi
X-Git-Tag: bugzilla-2.18rc1~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e40fae0dfa8b41780fc927f260b6cd5f1a738ae4;p=thirdparty%2Fbugzilla.git

Bug 224021: taint issues in editusers.cgi
Patch by byron jones <bugzilla@glob.com.au>
r=jouni, a=justdave
---

diff --git a/editusers.cgi b/editusers.cgi
index abe4b6194e..f83a649846 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -323,6 +323,7 @@ if ($action eq 'list') {
       $query = "SELECT login_name,realname,disabledtext " .
           "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name";
     } elsif (exists $::FORM{'group'}) {
+      detaint_natural($::FORM{'group'});
       $query = "SELECT DISTINCT login_name,realname,disabledtext " .
           "FROM profiles, user_group_map WHERE profiles.userid = user_group_map.user_id
            AND group_id=" . $::FORM{'group'} . " ORDER BY login_name";