From b389f9a361cf16c11f3678b8e42aa6eb1e91a930 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Tue, 13 Dec 2022 14:31:10 +0000 Subject: [PATCH] Bug 32457: Fix CGI vulnerability in addorder.pl Test plan: Go to acqui/addorder.pl. Create two items. Check if results still match your expectations. Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- acqui/addorder.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acqui/addorder.pl b/acqui/addorder.pl index 147d168050..25fd4b3109 100755 --- a/acqui/addorder.pl +++ b/acqui/addorder.pl @@ -190,7 +190,7 @@ unless($confirm_budget_exceeding) { foreach (keys %$vars) { push @vars_loop, { name => $_, - values => [$input->param($_)], + values => [ $input->multi_param($_) ], }; } -- 2.39.5