Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and...

author Byron Jones <glob@mozilla.com>

Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)

committer Dave Lawrence <dlawrence@mozilla.com>

Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)
author Byron Jones <glob@mozilla.com>
Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)
committer Dave Lawrence <dlawrence@mozilla.com>
Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)
diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm

index 760db135dfb67e51409db891955450f3ffe83d09..dfbf32a51d1cff01e590536e291a1d05f3e9174d 100644 (file)
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -438,7 +438,7 @@ sub dump {
      
      require Data::Dumper;
      print "<pre>Bugzilla::Chart object:\n";
-    print Data::Dumper::Dumper($self);
+    print html_quote(Data::Dumper::Dumper($self));
      print "</pre>";
  }
  
diff --git a/report.cgi b/report.cgi

index a71776bfe6a1eac41f8e01e4bc8a8a279cdf8a9b..dccc470a7bce5d83e016c852d8235cb9e2185f84 100755 (executable)
--- a/report.cgi
+++ b/report.cgi
@@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'},
  if ($cgi->param('debug')) {
      require Data::Dumper;
      print "<pre>data hash:\n";
-    print Data::Dumper::Dumper(%data) . "\n\n";
+    print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
      print "data array:\n";
-    print Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+    print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
  }
  
  # All formats point to the same section of the documentation.
author	Byron Jones <glob@mozilla.com>
	Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)
committer	Dave Lawrence <dlawrence@mozilla.com>
	Wed, 28 Dec 2011 22:03:56 +0000 (17:03 -0500)
Bugzilla/Chart.pm		patch \| blob \| blame \| history
report.cgi		patch \| blob \| blame \| history