diff options
author | Manish Goregaokar <manishearth@gmail.com> | 2014-04-17 18:37:11 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2014-04-17 18:37:11 +0200 |
commit | 6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch) | |
tree | 2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /Bugzilla/Template.pm | |
parent | e5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff) | |
download | bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.gz bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.xz |
Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text
r=glob a=justdave
Diffstat (limited to 'Bugzilla/Template.pm')
-rw-r--r-- | Bugzilla/Template.pm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index cd7507963..08999b27a 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -672,6 +672,17 @@ sub create { my ($data) = @_; return encode_base64($data); }, + + # Strips out control characters excepting whitespace + strip_control_chars => sub { + my ($data) = @_; + # Only run for utf8 to avoid issues with other multibyte encodings + # that may be reassigning meaning to ascii characters. + if (Bugzilla->params->{'utf8'}) { + $data =~ s/(?![\t\r\n])[[:cntrl:]]//g; + } + return $data; + }, # HTML collapses newlines in element attributes to a single space, # so form elements which may have whitespace (ie comments) need |