From: Dave Miller
Date: Tue, 29 Aug 2023 04:47:11 +0000 (-0400)
Subject: Bug 1439260: XSS in chart.cgi and report.cgi
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=67d5f3c5f60598f33c88a6599c5ae5923097a16e;p=thirdparty%2Fbugzilla.git

Bug 1439260: XSS in chart.cgi and report.cgi
---
diff --git a/chart.cgi b/chart.cgi
index 0e1411f05..88a327822 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -318,12 +318,6 @@ sub plot {
 my $format = $template->get_format("reports/chart", "", scalar($cgi->param('ctype')));
- # Debugging PNGs is a pain; we need to be able to see the error messages
- if ($cgi->param('debug')) {
- print $cgi->header();
- $vars->{'chart'}->dump();
- }
-
 print $cgi->header($format->{'ctype'});
 disable_utf8() if ($format->{'ctype'} =~ /^image\//);
@@ -362,10 +356,6 @@ sub view {
 print $cgi->header();
- # If we have having problems with bad data, we can set debug=1 to dump
- # the data structure.
- $chart->dump() if $cgi->param('debug');
-
 $template->process("reports/create-chart.html.tmpl", $vars) || ThrowTemplateError($template->error());
 }
diff --git a/report.cgi b/report.cgi
index 2f6f90646..a49d931f1 100755
--- a/report.cgi
+++ b/report.cgi
@@ -216,13 +216,6 @@ $vars->{'width'} = $width if $width;
 $vars->{'height'} = $height if $height;
 $vars->{'queries'} = $extra_data;
-if ( $cgi->param('debug')
- && Bugzilla->params->{debug_group}
- && Bugzilla->user->in_group(Bugzilla->params->{debug_group}))
-{
- $vars->{'debug'} = 1;
-}
-
 if ($action eq "wrap") {
 # So which template are we using? If action is "wrap", we will be using
@@ -271,24 +264,9 @@ else {
 my $format = $template->get_format("reports/report", $formatparam, scalar($cgi->param('ctype')));
-# If we get a template or CGI error, it comes out as HTML, which isn't valid
-# PNG data, and the browser just displays a "corrupt PNG" message. So, you can
-# set debug=1 to always get an HTML content-type, and view the error.
-$format->{'ctype'} = "text/html" if $cgi->param('debug');
-
 $cgi->set_dated_content_disp("inline", "report", $format->{extension});
 print $cgi->header($format->{'ctype'});
-# Problems with this CGI are often due to malformed data. Setting debug=1
-# prints out both data structures.
-if ($cgi->param('debug')) {
- require Data::Dumper;
- print "
data hash:\n";
-  print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
-  print "data array:\n";
-  print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n
";
-}
-
 # All formats point to the same section of the documentation.
 $vars->{'doc_section'} = 'reporting.html#reports';