authorDavid Lawrence <dkl@mozilla.com>2015-12-23 04:27:08 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-12-23 04:27:08 +0100
commit16176cbde18261361ff1e5d37fb653c64019f22a (patch)
tree54fd1102a007375fdb00574a9ff6e700fd022795
parent8f501234a26736c72cadc5329bd2a3fd54bf17c5 (diff)
downloadbugzilla-16176cbde18261361ff1e5d37fb653c64019f22a.tar.gz
bugzilla-16176cbde18261361ff1e5d37fb653c64019f22a.tar.xz
Bug 1234237 - Backport upstream bug 1232785 to bmo/4.2 [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers
-rw-r--r--Bugzilla/Template.pm3
1 files changed, 3 insertions, 0 deletions
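diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index b03698477..076e654cb 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -860,6 +860,9 @@ sub create {
 {
 my ($var) = @_;
 $var = ' ' . $var if substr($var, 0, 1) eq '=';
+# backslash is not special to CSV, but it can be used to confuse some browsers...
+# so we do not allow it to happen. We only do this for logged-in users.
+$var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
 $var =~ s/\"/\"\"/g;
 if ($var !~ /^-?(\d+\.)?\d*$/) {
 $var = "\"$var\"";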
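Review bot: The new substitution on the third added line silently rewrites exported data (every backslash becomes U+FF3C), and the two-line comment above it says neither why a backslash is dangerous here nor why anonymous exports are exempt, so a later maintainer cannot tell whether the `Bugzilla->user->id` guard is a deliberate scope decision or an oversight. I would expand the comment to name the issue and the replacement character, e.g. `# A literal backslash lets a quoted field break out of its quotes when the CSV is loaded as JavaScript (upstream bug 1232785); map it to U+FF3C FULLWIDTH REVERSE SOLIDUS, which looks the same but has no escape meaning.`, and add one sentence giving the reason the guard only covers logged-in users — presumably that anonymous output contains nothing a cross-site reader could not fetch directly, but that should be confirmed rather than assumed. Note also that `\x{FF3C}` turns the field into a wide-character string; the hunk does not show the output encoding, so it is worth confirming the CSV response is emitted as UTF-8 so the replacement does not surface as a mojibake or "Wide character" warning. The enclosing filter sub begins and ends outside the hunk.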