Files · a4e75a434f1fbbae4b438927ae02958baad7f1b7 · etersoft / bugzilla

[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an… · a4e75a43

authored Nov 03, 2003

[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an administrator) can inject arbitrary SQL via the URL used to edit an existing keyword.
Patch by Joel Peshkin <bugreport@peshkin.net>
r= justdave, zach  a= justdave

a4e75a43

Name	Last commit	Last update
Bugzilla		Loading commit data...
contrib		Loading commit data...
css		Loading commit data...
docs		Loading commit data...
js		Loading commit data...
skins/standard		Loading commit data...
t		Loading commit data...
template		Loading commit data...
.cvsignore		Loading commit data...
1x1.gif		Loading commit data...
Attachment.pm		Loading commit data...
Bug.pm		Loading commit data...
Bugzilla.pm		Loading commit data...
CGI.pl		Loading commit data...
QUICKSTART		Loading commit data...
README		Loading commit data...
RelationSet.pm		Loading commit data...
Token.pm		Loading commit data...
UPGRADING		Loading commit data...
UPGRADING-pre-2.8		Loading commit data...
ant.jpg		Loading commit data...
attachment.cgi		Loading commit data...
bug_status.html		Loading commit data...
buglist.cgi		Loading commit data...
bugwritinghelp.html		Loading commit data...
bugzilla.dtd		Loading commit data...
chart.cgi		Loading commit data...
checksetup.pl		Loading commit data...
colchange.cgi		Loading commit data...
collectstats.pl		Loading commit data...
config.cgi		Loading commit data...
createaccount.cgi		Loading commit data...
defparams.pl		Loading commit data...
describecomponents.cgi		Loading commit data...
describekeywords.cgi		Loading commit data...
doeditparams.cgi		Loading commit data...
duplicates.cgi		Loading commit data...
duplicates.xul		Loading commit data...
editcomponents.cgi		Loading commit data...
editflagtypes.cgi		Loading commit data...
editgroups.cgi		Loading commit data...
editkeywords.cgi		Loading commit data...
editmilestones.cgi		Loading commit data...
editparams.cgi		Loading commit data...
editproducts.cgi		Loading commit data...
editusers.cgi		Loading commit data...
editversions.cgi		Loading commit data...
enter_bug.cgi		Loading commit data...
globals.pl		Loading commit data...
importxml.pl		Loading commit data...
index.cgi		Loading commit data...
localconfig.js		Loading commit data...
long_list.cgi		Loading commit data...
move.pl		Loading commit data...
page.cgi		Loading commit data...
post_bug.cgi		Loading commit data...
process_bug.cgi		Loading commit data...
productmenu.js		Loading commit data...
query.cgi		Loading commit data...
queryhelp.cgi		Loading commit data...
quicksearch.html		Loading commit data...
quicksearch.js		Loading commit data...
quicksearchhack.html		Loading commit data...
quips.cgi		Loading commit data...
relogin.cgi		Loading commit data...
report.cgi		Loading commit data...
reports.cgi		Loading commit data...
request.cgi		Loading commit data...
robots.txt		Loading commit data...
runtests.pl		Loading commit data...
runtests.sh		Loading commit data...
sanitycheck.cgi		Loading commit data...
show_activity.cgi		Loading commit data...
show_bug.cgi		Loading commit data...
showattachment.cgi		Loading commit data...
showdependencygraph.cgi		Loading commit data...
showdependencytree.cgi		Loading commit data...
sidebar.cgi		Loading commit data...
token.cgi		Loading commit data...
userprefs.cgi		Loading commit data...
votehelp.html		Loading commit data...
votes.cgi		Loading commit data...
whineatnews.pl		Loading commit data...
xml.cgi		Loading commit data...

README