Bug 611623: The alias is not filtered in QuickSearch when passed to show_bug.cgi

r=glob a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2010-11-13 01:13:27 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2010-11-13 01:13:27 +0100
commit: e67cde3c7002d51a083676c5e4b5d998edffd833 (patch)
tree: 69e8abd000189a351533835c6fb1ac0054677fd6
parent: Bug 591165: (CVE-2010-2761) [SECURITY] Bump minimum required version of CGI.p... (diff)
download: bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.tar.gz
bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.tar.bz2
bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm
index 6ffc63b65..cec99d95d 100644
--- a/Bugzilla/Search/Quicksearch.pm
+++ b/Bugzilla/Search/Quicksearch.pm
@@ -247,6 +247,7 @@ sub _handle_alias {
         my $is_alias = Bugzilla->dbh->selectrow_array(
             q{SELECT 1 FROM bugs WHERE alias = ?}, undef, $alias);
         if ($is_alias) {
+            $alias = url_quote($alias);
             print Bugzilla->cgi->redirect(
                 -uri => correct_urlbase() . "show_bug.cgi?id=$alias");
             exit;
author	Frédéric Buclin <LpSolit@gmail.com>	2010-11-13 01:13:27 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2010-11-13 01:13:27 +0100
commit	e67cde3c7002d51a083676c5e4b5d998edffd833 (patch)
tree	69e8abd000189a351533835c6fb1ac0054677fd6
parent	Bug 591165: (CVE-2010-2761) [SECURITY] Bump minimum required version of CGI.p... (diff)
download	bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.tar.gz bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.tar.bz2 bugzilla-e67cde3c7002d51a083676c5e4b5d998edffd833.zip