From: Frédéric Buclin
Date: Tue, 22 Dec 2015 17:59:31 +0000 (+0100)
Subject: Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying...
X-Git-Tag: bugzilla-4.4.11~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f7540c159f9613d41df1cd7e14cdee5e6c49ef4;p=thirdparty%2Fbugzilla.git
Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary r/a=dkl
---
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 4187bdd4e4..00fd2061a7 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -58,7 +58,7 @@ sub CreateImagemap {
 # Pick up bugid from the mapdata label field. Getting the title from
 # bugtitle hash instead of mapdata allows us to get the summary even
 # when showsummary is off, and also gives us status and resolution.
- my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+ my $bugtitle = $bugtitles{$bugid};
 $map .= qq{bug $bugid\n};
@@ -176,13 +176,16 @@ foreach my $k (@bug_ids) {
 # Retrieve bug information from the database
 my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
+ $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
+
 # Resolution and summary are shown only if user can see the bug
- if (!$user->can_see_bug($k)) {
+ if ($user->can_see_bug($k)) {
+ $summary = html_quote(clean_text($summary));
+ }
+ else {
 $resolution = $summary = '';
 }
- $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-
 my @params;
 if ($summary ne "" && $cgi->param('showsummary')) {
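Review bot: In the `CreateImagemap` hunk, `my $bugtitle = $bugtitles{$bugid};` drops the escaping at the point of output, so the image-map markup is safe only while every value stored in `%bugtitles` is already HTML-escaped. The comment just above says the hash also carries status and resolution, yet the second hunk escapes only `$summary`; the code that fills `%bugtitles` is outside both hunks, so it is worth confirming that status and resolution are quoted there or cannot contain markup. Once confirmed, record the invariant at this line, for example `# %bugtitles values are HTML-escaped where they are stored; do not quote again here`. The body of `CreateImagemap` starts and ends outside the hunk, and the `$map .= qq{...}` line that presumably emits the title is only partly visible on the page.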
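Review bot: In the `foreach my $k (@bug_ids)` hunk, `$vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));` now runs before the `$user->can_see_bug($k)` check, so the template variable receives the summary even on the branch that blanks `$summary`. Before this change the assignment came after the blanking. That is fine only if the `id` parameter has already been access-checked earlier in the script, which is not visible here. Either say so in a comment, e.g. `# raw summary for the template; the requested id was access-checked above`, or keep the guard explicit with `$vars->{'short_desc'} = $summary if ($k eq $cgi->param('id') && $user->can_see_bug($k));`. The loop body continues past the end of the hunk.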