[bugzilla-gnome-org-upstream/4.4] Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary r/a



commit 5f7540c159f9613d41df1cd7e14cdee5e6c49ef4
Author: Frédéric Buclin <LpSolit gmail com>
Date:   Tue Dec 22 18:59:31 2015 +0100

    Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary
    r/a=dkl

 showdependencygraph.cgi |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)
---
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 4187bdd..00fd206 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -58,7 +58,7 @@ sub CreateImagemap {
             # Pick up bugid from the mapdata label field. Getting the title from
             # bugtitle hash instead of mapdata allows us to get the summary even
             # when showsummary is off, and also gives us status and resolution.
-            my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+            my $bugtitle = $bugtitles{$bugid};
             $map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } .
                     qq{title="$bugtitle" href="$url" } .
                     qq{coords="$leftx,$topy,$rightx,$bottomy">\n};
@@ -176,13 +176,16 @@ foreach my $k (@bug_ids) {
     # Retrieve bug information from the database
     my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
 
+    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
+
     # Resolution and summary are shown only if user can see the bug
-    if (!$user->can_see_bug($k)) {
+    if ($user->can_see_bug($k)) {
+        $summary = html_quote(clean_text($summary));
+    }
+    else {
         $resolution = $summary = '';
     }
 
-    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-
     my @params;
 
     if ($summary ne "" && $cgi->param('showsummary')) {


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]