author | David Lawrence <dkl@mozilla.com> | 2015-12-23 04:23:34 +0100 |
committer | David Lawrence <dkl@mozilla.com> | 2015-12-23 04:23:34 +0100 |
commit | 8f501234a26736c72cadc5329bd2a3fd54bf17c5 (patch) | |
tree | 908c2b65ac7b1a4f6226b88fc5b0df6a7c68a5c1 | |
parent | 8a1506c0ac3b9fa6539cc153eff0d291c645d1d5 (diff) | |
Bug 1229894 - Backport upstream bug 1221518 to bmo/4.2 [SECURITY] XSS in dependency graphs when displaying the bug summary
-rwxr-xr-x | showdependencygraph.cgi | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 4fc1b9386..24f3b8469 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -74,7 +74,7 @@ sub CreateImagemap {
     # Pick up bugid from the mapdata label field. Getting the title from
     # bugtitle hash instead of mapdata allows us to get the summary even
     # when showsummary is off, and also gives us status and resolution.
-    my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+    my $bugtitle = $bugtitles{$bugid};
     $map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } .
             qq{title="$bugtitle" href="$url" } .
             qq{coords="$leftx,$topy,$rightx,$bottomy">\n};
@@ -190,13 +190,16 @@ foreach my $k (keys(%seen)) {
     # Retrieve bug information from the database
     my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
 
+    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
+
     # Resolution and summary are shown only if user can see the bug
-    if (!Bugzilla->user->can_see_bug($k)) {
+    if (Bugzilla->user->can_see_bug($k)) {
+        $summary = html_quote(clean_text($summary));
+    }
+    else {
         $resolution = $summary = '';
     }
 
-    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-
     my @params;
     if ($summary ne "" && $cgi->param('showsummary')) {
|
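Review bot: CreateImagemap now interpolates `$bugtitles{$bugid}` straight into the `title="..."` attribute with no escaping of its own, so the imagemap is safe only while every writer of `%bugtitles` stores already-escaped text, and nothing at this site records that invariant; the comment above still describes the hash only as a convenient source of summaries. I would extend that comment with `# NOTE: %bugtitles values must already be HTML-escaped (html_quote(clean_text(...)) is applied where the hash is filled); never store a raw summary here.` so the next person who populates the hash from another path does not reintroduce the injection. The other values in the same qq{} string (`$bugid`, `$url`) are likewise emitted unescaped, which is fine if the pattern that pulls `$bugid` out of the mapdata label already restricts it to digits, but that pattern lies outside the hunk and is worth confirming. In the second hunk the `$vars->{'short_desc'}` assignment now runs before the `can_see_bug` check, so it receives the raw summary regardless of visibility; that is presumably acceptable because the `id` parameter is validated earlier in the script and the template escapes it on output, but both of those are outside this diff and the hunk itself is cut off before its last context line.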