summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDylan Hardison <dylan@mozilla.com>2015-12-22 19:34:38 +0100
committerDylan Hardison <dylan@mozilla.com>2015-12-22 19:37:03 +0100
commit34f8910f2b22ada382d191052f70a7427c88f95a (patch)
tree1f7e8065e3c8812a4e1ea0499214e1ff09e683bb
parente69201a466d40d563d3c28a599c1569cfca9b471 (diff)
downloadbugzilla-34f8910f2b22ada382d191052f70a7427c88f95a.tar.gz
bugzilla-34f8910f2b22ada382d191052f70a7427c88f95a.tar.xz
Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers
r=dkl,a=dkl
-rw-r--r--Bugzilla/Template.pm3
1 files changed, 3 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index ef45cb313..04abe8200 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -859,6 +859,9 @@ sub create {
{
my ($var) = @_;
$var = ' ' . $var if substr($var, 0, 1) eq '=';
+ # backslash is not special to CSV, but it can be used to confuse some browsers...
+ # so we do not allow it to happen. We only do this for logged-in users.
+ $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";