From: myk%mozilla.org <>
Date: Thu, 8 Nov 2001 08:54:15 +0000 (+0000)
Subject: Fix for bug 108822: Prevent any user from changing their own groupset.
X-Git-Tag: bugzilla-2.14.1~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=faefca3cf83c24365dd29cc874024d0cb82732f9;p=thirdparty%2Fbugzilla.git

Fix for bug 108822: Prevent any user from changing their own groupset.
Patch by Jake <jake@acutex.net>.
r=bbaetz,myk
---

diff --git a/userprefs.cgi b/userprefs.cgi
index bd5dcb4f29..bc0f1d672b 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -495,8 +495,8 @@ sub SaveFooter {
             Error("Hmm, the $name query seems to have gone away.");
         }
     }
-    SendSQL("UPDATE profiles SET mybugslink = '" . $::FORM{'mybugslink'} .
-            "' WHERE userid = $userid");
+    SendSQL("UPDATE profiles SET mybugslink = " . SqlQuote($::FORM{'mybugslink'}) .
+            " WHERE userid = $userid");
 }