diff options
| author |   myk%mozilla.org <> | 2001-11-08 08:54:15 +0000 |
|---|---|---|
| committer | myk%mozilla.org <> | 2001-11-08 08:54:15 +0000 |
| commit | faefca3cf83c24365dd29cc874024d0cb82732f9 (patch) | |
| tree | 378cd3589cfb6ae96af347469a8ad076c82ba90c | |
| parent | Fix for bug 108821: Prevent users with any blessgroupset privileges from bles... (diff) | |
| download | bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.gz bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.tar.bz2 bugzilla-faefca3cf83c24365dd29cc874024d0cb82732f9.zip | |
Fix for bug 108822: Prevent any user from changing their own groupset.
Patch by Jake <jake@acutex.net>.
r=bbaetz,myk
| -rwxr-xr-x | userprefs.cgi | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index bd5dcb4f2..bc0f1d672 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -495,8 +495,8 @@ sub SaveFooter { Error("Hmm, the $name query seems to have gone away."); } } - SendSQL("UPDATE profiles SET mybugslink = '" . $::FORM{'mybugslink'} . - "' WHERE userid = $userid"); + SendSQL("UPDATE profiles SET mybugslink = " . SqlQuote($::FORM{'mybugslink'}) . + " WHERE userid = $userid"); } |