Bug 237627: Validate dataset name in reports.cgi

patch by teemu r=justdave a=justdave
author: bugreport%peshkin.net <> 2004-07-10 15:03:15 +0000
committer: bugreport%peshkin.net <> 2004-07-10 15:03:15 +0000
commit: 51bfafc74aa20129399ffe076ee526cb745dc371 (patch)
tree: c9a5becfedf6078f1a2d402f6f914104d0a40433 /reports.cgi
parent: Bug 244272: Remove editusers 'query' parameter (diff)
download: bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.tar.gz
bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.tar.bz2
bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/reports.cgi b/reports.cgi
index 01ce99277..685b16418 100755
--- a/reports.cgi
+++ b/reports.cgi
@@ -234,7 +234,7 @@ sub chart_image_name {
     # Instead, just require that each field name consists only of letters
     # and number
 
-    if ($datasets !~ m/[A-Za-z0-9:]/) {
+    if ($datasets !~ m/^[A-Za-z0-9:]+$/) {
         die "Invalid datasets $datasets";
     }
author	bugreport%peshkin.net <>	2004-07-10 15:03:15 +0000
committer	bugreport%peshkin.net <>	2004-07-10 15:03:15 +0000
commit	51bfafc74aa20129399ffe076ee526cb745dc371 (patch)
tree	c9a5becfedf6078f1a2d402f6f914104d0a40433 /reports.cgi
parent	Bug 244272: Remove editusers 'query' parameter (diff)
download	bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.tar.gz bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.tar.bz2 bugzilla-51bfafc74aa20129399ffe076ee526cb745dc371.zip