Bug 1253267: DOT injection vulnerability in dependency graphs when long bug summaries...

author Frédéric Buclin <LpSolit@gmail.com>

Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi

index e692167de3a3da8e449e3faaba39901ffd1c3a8e..196d8f84ec324bdac65a5fbe173ec80795263e22 100755 (executable)
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -199,6 +199,9 @@ foreach my $k (@bug_ids) {
          utf8::encode($summary) if utf8::is_utf8($summary);
          $summary = wrap_comment($summary);
          $summary =~ s/([\\\"])/\\$1/g;
+        # Newlines must be escaped too, to not break the .map file
+        # and to prevent code injection.
+        $summary =~ s/\n/\\n/g;
          push(@params, qq{label="$k\\n$summary"});
      }
author	Frédéric Buclin <LpSolit@gmail.com>
	Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Tue, 15 Mar 2016 16:07:20 +0000 (17:07 +0100)