Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text

r=glob a=justdave
author: Manish Goregaokar <manishearth@gmail.com> 2014-04-17 18:37:11 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2014-04-17 18:37:11 +0200
commit: 6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch)
tree: 2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /Bugzilla/Template.pm
parent: e5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff)
download: bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.gz
bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index cd7507963..08999b27a 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -672,6 +672,17 @@ sub create {
                 my ($data) = @_;
                 return encode_base64($data);
             },
+
+            # Strips out control characters excepting whitespace
+            strip_control_chars => sub {
+                my ($data) = @_;
+                # Only run for utf8 to avoid issues with other multibyte encodings 
+                # that may be reassigning meaning to ascii characters.
+                if (Bugzilla->params->{'utf8'}) {
+                    $data =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+                }
+                return $data;
+            },
             
             # HTML collapses newlines in element attributes to a single space,
             # so form elements which may have whitespace (ie comments) need
author	Manish Goregaokar <manishearth@gmail.com>	2014-04-17 18:37:11 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2014-04-17 18:37:11 +0200
commit	6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch)
tree	2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /Bugzilla/Template.pm
parent	e5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff)
download	bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.gz bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.xz