diff options
| author | David Lawrence <dkl@mozilla.com> | 2015-12-23 04:27:08 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-12-23 04:27:08 +0100 |
| commit | 16176cbde18261361ff1e5d37fb653c64019f22a (patch) | |
| tree | 54fd1102a007375fdb00574a9ff6e700fd022795 | |
| parent | 8f501234a26736c72cadc5329bd2a3fd54bf17c5 (diff) | |
| download | bugzilla-16176cbde18261361ff1e5d37fb653c64019f22a.tar.gz bugzilla-16176cbde18261361ff1e5d37fb653c64019f22a.tar.xz | |
Bug 1234237 - Backport upstream bug 1232785 to bmo/4.2 [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers
| -rw-r--r-- | Bugzilla/Template.pm | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index b03698477..076e654cb 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -860,6 +860,9 @@ sub create { { my ($var) = @_; $var = ' ' . $var if substr($var, 0, 1) eq '='; + # backslash is not special to CSV, but it can be used to confuse some browsers... + # so we do not allow it to happen. We only do this for logged-in users. + $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id; $var =~ s/\"/\"\"/g; if ($var !~ /^-?(\d+\.)?\d*$/) { $var = "\"$var\""; |