From: Frédéric Buclin
Date: Thu, 4 Aug 2011 19:25:13 +0000 (-0700)
Subject: Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containi...
X-Git-Tag: bugzilla-3.4.12~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16be296afd3ca67ad5f1b161ccf182236c68faf3;p=thirdparty%2Fbugzilla.git
Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt [r=glob a=LpSolit]
---
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 529a264328..5630fc29c2 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -554,6 +554,9 @@ sub create {
 # as prefix. In addition it replaces a ' ' by a '_'.
 css_class_quote => \&Bugzilla::Util::css_class_quote ,
+ # Removes control characters and trims extra whitespace.
+ clean_text => \&Bugzilla::Util::clean_text ,
+
 quoteUrls => [ sub {
 my ($context, $bug) = @_;
 return sub {
diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 9ba7aa2431..e4df5c79b0 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -47,7 +47,7 @@ From: [% Param('mailfrom') %]
 To: [% to %]
 Subject: [% flag.type.name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %]
 [%- IF attachment %] :
- [Attachment [% attachment.id %]] [% attachment.description %][% END %]
+ [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %]
 X-Bugzilla-Type: request
 [%+ threadingmarker %]
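Review bot: The comment on the new `clean_text` filter entry in Bugzilla/Template.pm says what the function does but not which output context it is meant for, so a template author reading the filter table cannot tell that this is the filter to use for single-line output. I would extend it to something like `# Replaces control characters (CR/LF included) and trims whitespace; use for values emitted into mail headers.`, after confirming the wording against `Bugzilla::Util::clean_text`, whose body is not part of this diff. The enclosing `create` sub starts and ends outside the hunk.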
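Review bot: In template/en/default/request/email.txt.tmpl the Subject header still interpolates `flag.type.name` and `bug.short_desc` unfiltered; only `attachment.description` gains `FILTER clean_text`. Whether those two values can contain a newline depends on input validation that is not visible in this diff, so for defence in depth I would filter them on the same line, e.g. `[% bug.short_desc FILTER clean_text %]`. Filtering at output also leaves the stored description unchanged, so any other template that writes `attachment.description` into a header would need the same filter, or the value should be normalised when it is saved. A regression test that renders this template with a description containing CR/LF and checks that the Subject stays one logical header would pin the fix.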