Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containi...

[r=glob a=LpSolit]

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 529a264328ab7b46c5cc75593ef91d72ae54bb51..5630fc29c23bee752ae5a3bc3b84da0f8ec7797b 100644 (file)
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -554,6 +554,9 @@ sub create {
             # as prefix. In addition it replaces a ' ' by a '_'.
             css_class_quote => \&Bugzilla::Util::css_class_quote ,
 
+            # Removes control characters and trims extra whitespace.
+            clean_text => \&Bugzilla::Util::clean_text ,
+
             quoteUrls => [ sub {
                                my ($context, $bug) = @_;
                                return sub {

diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 9ba7aa24311eb27c375ce57cc109854094e57b0e..e4df5c79b08c4e1a94042ba2a8f571d41c8aa957 100644 (file)
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -47,7 +47,7 @@ From: [% Param('mailfrom') %]
 To: [% to %]
 Subject: [% flag.type.name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %]
 [%- IF attachment %] :
-  [Attachment [% attachment.id %]] [% attachment.description %][% END %]
+  [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %]
 X-Bugzilla-Type: request
 [%+ threadingmarker %]