[bugzilla-gnome-org-upstream/4.4] Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers r
- From: Andrea Veri <av src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [bugzilla-gnome-org-upstream/4.4] Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers r
- Date: Wed, 18 May 2016 11:56:58 +0000 (UTC)
commit ce870730e78b86b92f2bcad39514840965918508
Author: Dylan Hardison <dylan mozilla com>
Date: Tue Dec 22 13:34:38 2015 -0500
Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers
r=dkl,a=dkl
Bugzilla/Template.pm | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 72d899c..cfcbc66 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -719,6 +719,9 @@ sub create {
{
my ($var) = @_;
$var = ' ' . $var if substr($var, 0, 1) eq '=';
+ # backslash is not special to CSV, but it can be used to confuse some browsers...
+ # so we do not allow it to happen. We only do this for logged-in users.
+ $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";
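Review bot: The comment on the added substitution says the backslash rewrite is applied only for logged-in users but not why, and the replacement `\x{FF3C}` is an unexplained code point a reader has to look up. Suggest replacing the two comment lines with something like `# Replace U+005C with U+FF3C (FULLWIDTH REVERSE SOLIDUS): a raw backslash lets a CSV row be interpreted as a JS string in some browsers. Presumably gated on Bugzilla->user->id because an anonymous export holds only public data, so only the logged-in case needs protecting -- confirm.` It is also worth stating in that comment that the exported value is altered rather than byte-preserved, so downstream CSV consumers are not surprised by fullwidth characters. The enclosing `sub create` begins before this hunk and the CSV filter body continues past its last line.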