From: Frédéric Buclin
Date: Tue, 15 Mar 2016 16:07:20 +0000 (+0100)
Subject: Bug 1253267: DOT injection vulnerability in dependency graphs when long bug summaries...
X-Git-Tag: release-5.1.1~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27daf484e99ea638f10beec81f41a2bcb412fd4d;p=thirdparty%2Fbugzilla.git
Bug 1253267: DOT injection vulnerability in dependency graphs when long bug summaries are wrapped r=dkl
---
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index e692167de3..196d8f84ec 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -199,6 +199,9 @@ foreach my $k (@bug_ids) {
 utf8::encode($summary) if utf8::is_utf8($summary);
 $summary = wrap_comment($summary);
 $summary =~ s/([\\\"])/\\$1/g;
+ # Newlines must be escaped too, to not break the .map file
+ # and to prevent code injection.
+ $summary =~ s/\n/\\n/g;
 push(@params, qq{label="$k\\n$summary"});
 }
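Review bot: The added substitution escapes LF only, so a carriage return in $summary would still reach the quoted label and the .map file untouched; if CR can never occur here (it presumably depends on summary validation outside this hunk, and wrap_comment appears to insert plain "\n"), the line is unreachable, but a defensive `$summary =~ s/\r//g;` beside the new substitution would close the gap regardless (stripping rather than escaping, since in Graphviz escape strings `\r` means a right-justified line break, not a carriage return). The ordering in this hunk is deliberate and worth stating in the new comment, e.g. `# Escaping runs after wrap_comment() so the line breaks it inserts are covered too.`, because moving the backslash/quote escape above wrap_comment would silently reopen the injection. The enclosing foreach over @bug_ids starts outside the hunk.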