author | Byron Jones <glob@mozilla.com> | 2011-08-04 22:33:28 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:33:28 +0200 |
commit | 818ad5e10408f6b513ac276f575bceb082401142 (patch) | |
tree | 450f4742368ac5ff584821185d0ddbbd323d4dc8 /Bugzilla/Attachment | |
parent | 10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6 (diff) | |
download | bugzilla-818ad5e10408f6b513ac276f575bceb082401142.tar.gz bugzilla-818ad5e10408f6b513ac276f575bceb082401142.tar.xz |
Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari
r/a=LpSolit
Diffstat (limited to 'Bugzilla/Attachment')
-rw-r--r-- | Bugzilla/Attachment/PatchReader.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm
index cfc7610f4..01a624a8f 100644
--- a/Bugzilla/Attachment/PatchReader.pm
+++ b/Bugzilla/Attachment/PatchReader.pm
@@ -37,6 +37,7 @@ sub process_diff {
     $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
     # Actually print out the patch.
     print $cgi->header(-type => 'text/plain',
+                       -x_content_type_options => "nosniff",
                        -expires => '+3M');
     disable_utf8();
     $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
@@ -118,6 +119,7 @@ sub process_interdiff {
     $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
     # Actually print out the patch.
     print $cgi->header(-type => 'text/plain',
+                       -x_content_type_options => "nosniff",
                        -expires => '+3M');
     disable_utf8();
 }
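Review bot: The `-x_content_type_options => "nosniff"` line added to the `$cgi->header(...)` call in process_diff is only honoured by IE8 and later; as far as I know IE6/7 and the Safari builds of the time ignore it, so by itself this header does not close the IE 6-7 and Safari cases named in the commit title and should be treated as defence in depth. The diffstat is limited to Bugzilla/Attachment, so the rest of the fix (serving raw patches from a separate attachment domain, or forcing a download via `Content-Disposition`) may well be in other files of this commit; if it is not, attachment data that begins with HTML will still be rendered on the main domain by those browsers. Please record the limitation next to the header so nobody later removes the other half of the fix, e.g. `# nosniff stops IE8+ from sniffing this text/plain body as HTML; IE6/7 and older Safari ignore it, so raw patches must also never be served from the main domain`. process_diff starts and ends outside this hunk.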
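Review bot: The header call in process_interdiff is now a byte-for-byte copy of the one in process_diff, including the security-relevant `nosniff` option, so a third raw text/plain path added later would silently miss it and the two copies can drift apart. Hoisting the call into one private helper keeps the header set in a single place; better still, if `$cgi` is the project's own CGI subclass with a header() override, emit `X-Content-Type-Options: nosniff` there for every response and drop the per-call-site argument. process_interdiff starts before this hunk; only its closing `}` is visible here.
```perl
# Emit the headers shared by every raw text/plain patch view.
# nosniff is security-relevant: keep it here rather than at each call site.
sub _print_raw_patch_header {
    my ($cgi) = @_;
    print $cgi->header(-type => 'text/plain',
                       -x_content_type_options => "nosniff",
                       -expires => '+3M');
    return;
}

# … unchanged: body of process_interdiff up to the printer setup …
    _print_raw_patch_header($cgi);
    disable_utf8();
```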