]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49b2e90)
Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript...
authorDylan Hardison <dylan@mozilla.com>
Tue, 22 Dec 2015 18:34:38 +0000 (13:34 -0500)
committerDylan Hardison <dylan@mozilla.com>
Tue, 22 Dec 2015 18:36:32 +0000 (13:36 -0500)
r=dkl,a=dkl

Bugzilla/Template.pm patch | blob | blame | history

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 7fd3f0e8d7340361751d063b955335e3778721aa..1daeacf8cdafd5228ea6c711b26e486663bbbf6c 100644 (file)
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -744,6 +744,9 @@ sub create {
             {
                 my ($var) = @_;
                 $var = ' ' . $var if substr($var, 0, 1) eq '=';
+                # backslash is not special to CSV, but it can be used to confuse some browsers...
+                # so we do not allow it to happen. We only do this for logged-in users.
+                $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
                 $var =~ s/\"/\"\"/g;
                 if ($var !~ /^-?(\d+\.)?\d*$/) {
                     $var = "\"$var\"";
Mirror of https://github.com/bugzilla/bugzilla.git