summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2011-01-24 19:12:00 +0100
committerReed Loden <reed@reedloden.com>2011-01-24 19:12:00 +0100
commit38eeecf6362b6dc17718c84a35dbbaea7cc15ccd (patch)
tree5c5153c1f757917bd75e573ecea4d02f62616f52
parent078c49317674c5d62135deff544a0b72a4546cdf (diff)
downloadbugzilla-38eeecf6362b6dc17718c84a35dbbaea7cc15ccd.tar.gz
bugzilla-38eeecf6362b6dc17718c84a35dbbaea7cc15ccd.tar.xz
Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect
[r=mkanat a=LpSolit]
-rwxr-xr-xchart.cgi6
1 files changed, 3 insertions, 3 deletions
diff --git a/chart.cgi b/chart.cgi
index a04cde068..e7a0f5e8b 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -74,8 +74,8 @@ if (!Bugzilla->feature('new_charts')) {
# Go back to query.cgi if we are adding a boolean chart parameter.
if (grep(/^cmd-/, $cgi->param())) {
my $params = $cgi->canonicalise_query("format", "ctype", "action");
- print "Location: query.cgi?format=" . $cgi->param('query_format') .
- ($params ? "&$params" : "") . "\n\n";
+ print $cgi->redirect("query.cgi?format=" . $cgi->param('query_format') .
+ ($params ? "&$params" : ""));
exit;
}
@@ -98,7 +98,7 @@ $action ||= "assemble";
# Go to buglist.cgi if we are doing a search.
if ($action eq "search") {
my $params = $cgi->canonicalise_query("format", "ctype", "action");
- print "Location: buglist.cgi" . ($params ? "?$params" : "") . "\n\n";
+ print $cgi->redirect("buglist.cgi" . ($params ? "?$params" : ""));
exit;
}