Validate value of $::FORM{who}. Thanks to Ed Korthof (edk@collab.net) for patch.

6768b59c · cyeh%bluemartini.com · f06cbb71 · 6768b59c
Commit 6768b59c authored May 09, 2000 by cyeh%bluemartini.com
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

CGI.pl CGI.pl +5 -0

No files found.
--- a/CGI.pl
+++ b/CGI.pl
@@ -560,6 +560,11 @@ sub quietly_check_login() {
            }
        }
    }
+    # if 'who' is passed in, verify that it's a good value
+    if ($::FORM{'who'}) {
+        my $whoid = DBname_to_id($::FORM{'who'});
+        delete $::FORM{'who'} unless $whoid;
+    }
    if (!$loginok) {
        delete $::COOKIE{"Bugzilla_login"};
    }