From eb0f3101f8cdcf41cf062e6a93b7d594b23f9295 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Tue, 13 Dec 2022 14:31:10 +0000 Subject: [PATCH] Bug 32457: Fix CGI vulnerability in addorder.pl Test plan: Go to acqui/addorder.pl. Create two items. Check if results still match your expectations. Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit b389f9a361cf16c11f3678b8e42aa6eb1e91a930) Signed-off-by: Martin Renvoize (cherry picked from commit 427d0b32e9aefa812ac97497b79cbe511fbbca05) Signed-off-by: Lucas Gass (cherry picked from commit fc980aed316439549d5ad1ad09183d8a40fdcde3) Signed-off-by: Arthur Suzuki --- acqui/addorder.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acqui/addorder.pl b/acqui/addorder.pl index 318b148c8a..14813d6ff7 100755 --- a/acqui/addorder.pl +++ b/acqui/addorder.pl @@ -181,7 +181,7 @@ unless($confirm_budget_exceeding) { foreach (keys %$vars) { push @vars_loop, { name => $_, - values => [$input->param($_)], + values => [ $input->multi_param($_) ], }; } -- 2.39.5
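Review bot: the commit message should say what the exposure was at the changed `values => [ ... ]` line in the `foreach (keys %$vars)` loop, because the subject calls this a vulnerability fix while the removed line already enclosed the list returned by `$input->param($_)` in an anonymous array, so extra values for a parameter could not spill into the surrounding hash as additional keys. As written, the change reads as making the intended multi-value read explicit with `multi_param`, which also avoids the warning CGI.pm emits when `param` is called in list context; stating that in the message would tell backporters how urgent the cherry-pick is. The test plan could also be made checkable: name a request parameter that legitimately carries more than one value when two items are created and confirm every value is still present in `@vars_loop` after the budget-exceeded confirmation step. As a style point, a named loop variable (`foreach my $name (keys %$vars)`) would be easier to follow than `$_` used twice inside the hash constructor.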