From: gerv%gerv.net <> Date: Sun, 9 Nov 2003 02:04:36 +0000 (+0000) Subject: Bug 195530 - Make javascript version of buglists available, part 2. This is a securit... X-Git-Tag: bugzilla-2.17.6~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc7ebc28b0859d7ddecd704001ff1adc54856d47;p=thirdparty%2Fbugzilla.git Bug 195530 - Make javascript version of buglists available, part 2. This is a security fix to prevent remote sites being able to see sensitive bug data. Patch by gerv; r=justdave, r=myk, a=justdave. --- diff --git a/buglist.cgi b/buglist.cgi index fa664c251c..1c5161481c 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -88,6 +88,16 @@ if ($::FORM{'format'} && $::FORM{'format'} eq "rdf" && !$::FORM{'ctype'}) { delete($::FORM{'format'}); } +# The js ctype presents a security risk; a malicious site could use it +# to gather information about secure bugs. So, we only allow public bugs to be +# retrieved with this format. +# +# Note that if and when this call clears cookies or has other persistent +# effects, we'll need to do this another way instead. +if ($::FORM{'ctype'} eq "js") { + Bugzilla->logout(); +} + # Determine the format in which the user would like to receive the output. # Uses the default format if the user did not specify an output format; # otherwise validates the user's choice against the list of available formats. diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl index 8dde0c5b7a..e6bc794c2b 100644 --- a/template/en/default/list/list.js.tmpl +++ b/template/en/default/list/list.js.tmpl @@ -18,6 +18,11 @@ # # Contributor(s): Gervase Markham #%] + +// Note: only publicly-accessible bugs (those not in any group) will be +// listed when using this JavaScript format. This is to prevent malicious +// sites stealing information about secure bugs. + bugs = new Array; [% FOREACH bug = bugs %]