[SECURITY] Bug 219044: A user with 'editkeywords' privileges (i.e. usually an administrator) can inject arbitrary SQL via the URL used to edit an existing keyword.

Patch by Joel Peshkin <bugreport@peshkin.net>
r= justdave, zach  a= justdave

webtools/bugzilla/editkeywords.cgi

@@ -126,6 +126,7 @@ unless (UserInGroup("editkeywords")) {
 
 
 my $action  = trim($::FORM{action}  || '');
+detaint_natural($::FORM{id});
 
 
 if ($action eq "") {