From: Dave Miller
Date: Thu, 29 Aug 2024 11:05:38 +0000 (-0400)
Subject: Bug 1439260: XSS in chart.cgi and report.cgi
X-Git-Tag: bugzilla-5.2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b5bf1ccea9ca61989b5f0819d929252bd41fc6f;p=thirdparty%2Fbugzilla.git
Bug 1439260: XSS in chart.cgi and report.cgi
---
diff --git a/chart.cgi b/chart.cgi
index 0df1c5b2b..fb1fc9c78 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -318,15 +318,11 @@ sub plot {
 my $format = $template->get_format("reports/chart", "", scalar($cgi->param('ctype')));
- $format->{'ctype'} = 'text/html' if $cgi->param('debug');
 $cgi->set_dated_content_disp('inline', 'chart', $format->{extension});
 print $cgi->header($format->{'ctype'});
 disable_utf8() if ($format->{'ctype'} =~ /^image\//);
- # Debugging PNGs is a pain; we need to be able to see the error messages
- $vars->{'chart'}->dump() if $cgi->param('debug');
-
 $template->process($format->{'template'}, $vars) || ThrowTemplateError($template->error());
 }
@@ -362,10 +358,6 @@ sub view {
 print $cgi->header();
- # If we have having problems with bad data, we can set debug=1 to dump
- # the data structure.
- $chart->dump() if $cgi->param('debug');
-
 $template->process("reports/create-chart.html.tmpl", $vars) || ThrowTemplateError($template->error());
 }
diff --git a/report.cgi b/report.cgi
index f772b72fc..6aebe20dc 100755
--- a/report.cgi
+++ b/report.cgi
@@ -312,13 +312,6 @@ $vars->{'height'} = $height;
 $vars->{'queries'} = $extra_data;
 $vars->{'saved_report_id'} = $cgi->param('saved_report_id');
-if ( $cgi->param('debug')
- && Bugzilla->params->{debug_group}
- && Bugzilla->user->in_group(Bugzilla->params->{debug_group}))
-{
- $vars->{'debug'} = 1;
-}
-
 if ($action eq "wrap") {
 # So which template are we using? If action is "wrap", we will be using
@@ -367,24 +360,9 @@ else {
 my $format = $template->get_format("reports/report", $formatparam, scalar($cgi->param('ctype')));
-# If we get a template or CGI error, it comes out as HTML, which isn't valid
-# PNG data, and the browser just displays a "corrupt PNG" message. So, you can
-# set debug=1 to always get an HTML content-type, and view the error.
-$format->{'ctype'} = "text/html" if $cgi->param('debug');
-
 $cgi->set_dated_content_disp("inline", "report", $format->{extension});
 print $cgi->header($format->{'ctype'});
-# Problems with this CGI are often due to malformed data. Setting debug=1
-# prints out both data structures.
-if ($cgi->param('debug')) {
- require Data::Dumper;
- say "
data hash:";
-  say html_quote(Data::Dumper::Dumper(%data));
-  say "\ndata array:";
-  say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n
";
-}
-
 # All formats point to the same section of the documentation.
 $vars->{'doc_section'} = 'using/reports-and-charts.html#reports';