projects
/
srvgit
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
46cad29
)
Bug 32457: Fix CGI vulnerability in addorder.pl
author
Marcel de Rooy
<m.de.rooy@rijksmuseum.nl>
Tue, 13 Dec 2022 14:31:10 +0000
(14:31 +0000)
committer
Tomas Cohen Arazi
<tomascohen@theke.io>
Wed, 14 Dec 2022 18:07:09 +0000
(15:07 -0300)
Test plan:
Go to acqui/addorder.pl.
Create two items.
Check if results still match your expectations.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
acqui/addorder.pl
patch
|
blob
|
history
diff --git
a/acqui/addorder.pl
b/acqui/addorder.pl
index
147d168
..
25fd4b3
100755
(executable)
--- a/
acqui/addorder.pl
+++ b/
acqui/addorder.pl
@@
-190,7
+190,7
@@
unless($confirm_budget_exceeding) {
foreach (keys %$vars) {
push @vars_loop, {
name => $_,
- values => [
$input->param($_)
],
+ values => [
$input->multi_param($_)
],
};
}