From: Frédéric Buclin Date: Thu, 4 Aug 2011 19:24:00 +0000 (-0700) Subject: Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containi... X-Git-Tag: bugzilla-3.6.6~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ac8045ff77116bdeb3f4dcc5f44d47815d6bc69;p=thirdparty%2Fbugzilla.git Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt [r=glob a=LpSolit] --- diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index f3fc1b82d3..bb5ff5eda7 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -549,6 +549,9 @@ sub create { # as prefix. In addition it replaces a ' ' by a '_'. css_class_quote => \&Bugzilla::Util::css_class_quote , + # Removes control characters and trims extra whitespace. + clean_text => \&Bugzilla::Util::clean_text , + quoteUrls => [ sub { my ($context, $bug, $comment) = @_; return sub { diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl index e48b2fc133..20e7ef5ac0 100644 --- a/template/en/default/request/email.txt.tmpl +++ b/template/en/default/request/email.txt.tmpl @@ -50,7 +50,7 @@ From: [% Param('mailfrom') %] To: [% to %] Subject: [% flagtype_name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %] [%- IF attachment %] : - [Attachment [% attachment.id %]] [% attachment.description %][% END %] + [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %] X-Bugzilla-Type: request [%+ threadingmarker %]
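Review bot: The comment added above the `clean_text` entry in the filter table says what the filter does but not when a template must use it, so the next template author has no cue to apply it on header lines. Since this commit uses it to keep a multi-line attachment description out of the Subject header, I would write `# Removes control characters and trims extra whitespace. Use on any value placed in an email header line.` The body of Bugzilla::Util::clean_text is not visible here, so confirm that it strips CR and LF and not only other control characters. The filter table in create() starts and ends outside the hunk.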
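Review bot: On the Subject line only `attachment.description` gets the new filter; `bug.short_desc` and `flagtype_name` on the same header, and `to` on the line above, are still emitted as stored. If any of those is not already normalised when it is saved (not visible from this hunk), an embedded line break can still corrupt the header; applying the same filter is cheap, e.g. `[% bug.short_desc FILTER clean_text %]`. Cleaning only at render time also leaves the stored description multi-line, so any other template or mail path that puts it in a header needs the same filter. Cleaning or rejecting it where the attachment is created would cover those paths too. The template continues outside the hunk.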