Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and...

author Byron Jones <glob@mozilla.com>

Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)

committer Dave Lawrence <dlawrence@mozilla.com>

Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)
author Byron Jones <glob@mozilla.com>
Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)
committer Dave Lawrence <dlawrence@mozilla.com>
Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)
diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm

index 58089d29ee1ed58c6e22c2c080f53ffabb5c89e7..f218c6306a9cae6fd406511a8e7a8a612ac0189a 100644 (file)
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -438,7 +438,7 @@ sub dump {
      
      require Data::Dumper;
      print "<pre>Bugzilla::Chart object:\n";
-    print Data::Dumper::Dumper($self);
+    print html_quote(Data::Dumper::Dumper($self));
      print "</pre>";
  }
  
diff --git a/report.cgi b/report.cgi

index 17c03a9e44141dc805cf14f3286c07841787f9c3..18bed40a0dd0769cf24057cc5877c410be285a55 100755 (executable)
--- a/report.cgi
+++ b/report.cgi
@@ -307,9 +307,9 @@ print $cgi->header(-type => $format->{'ctype'},
  if ($cgi->param('debug')) {
      require Data::Dumper;
      print "<pre>data hash:\n";
-    print Data::Dumper::Dumper(%data) . "\n\n";
+    print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
      print "data array:\n";
-    print Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+    print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
  }
  
  # All formats point to the same section of the documentation.
author	Byron Jones <glob@mozilla.com>
	Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)
committer	Dave Lawrence <dlawrence@mozilla.com>
	Wed, 28 Dec 2011 21:51:44 +0000 (16:51 -0500)
Bugzilla/Chart.pm		patch \| blob \| blame \| history
report.cgi		patch \| blob \| blame \| history