From: Reed Loden <reed@reedloden.com>
Date: Thu, 4 Aug 2011 19:21:36 +0000 (-0700)
Subject: Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containi... 
X-Git-Tag: bugzilla-4.0.2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d93de515bd99ecd111a2a9c2bdc0cf9eb1da1d79;p=thirdparty%2Fbugzilla.git

Bug 657158 - (CVE-2011-2381) [SECURITY] Request email headers for attachment containing newline are corrupt
[r=LpSolit a=LpSolit]
---

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 3ebda68efa..cc3d006135 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -688,6 +688,9 @@ sub create {
             # as prefix. In addition it replaces a ' ' by a '_'.
             css_class_quote => \&Bugzilla::Util::css_class_quote ,
 
+            # Removes control characters and trims extra whitespace.
+            clean_text => \&Bugzilla::Util::clean_text ,
+
             quoteUrls => [ sub {
                                my ($context, $bug, $comment) = @_;
                                return sub {
diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index 182ac09e0a..b7a9932e41 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -50,7 +50,7 @@ From: [% Param('mailfrom') %]
 To: [% to %]
 Subject: [% flagtype_name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %]
 [%- IF attachment %] :
-  [Attachment [% attachment.id %]] [% attachment.description %][% END %]
+  [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %]
 Date: [% date %]
 X-Bugzilla-Type: request
 [%+ threadingmarker %]