diff options
author | Simon Green <sgreen@redhat.com> | 2014-10-06 17:04:40 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 17:04:40 +0200 |
commit | 10e40c5707d383303c7837f526c3ab06466ede98 (patch) | |
tree | 94f4876bbbc7442d61f74938190c7bfdfac13e45 /Bugzilla/Template.pm | |
parent | fa954ab78cc60aba43aedb85e2b4f98d56d7bf9d (diff) | |
download | bugzilla-10e40c5707d383303c7837f526c3ab06466ede98.tar.gz bugzilla-10e40c5707d383303c7837f526c3ab06466ede98.tar.xz |
Bug 1054702: CSV export vulnerable to formulae injection
r=glob,a=glob
Diffstat (limited to 'Bugzilla/Template.pm')
-rw-r--r-- | Bugzilla/Template.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index e4c1bf460..ca467577f 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -890,10 +890,12 @@ sub create { }, # In CSV, quotes are doubled, and any value containing a quote or a - # comma is enclosed in quotes. + # comma is enclosed in quotes. If a field starts with an equals + # sign, it is proceed by a space. csv => sub { my ($var) = @_; + $var = ' ' . $var if substr($var, 0, 1) eq '='; $var =~ s/\"/\"\"/g; if ($var !~ /^-?(\d+\.)?\d*$/) { $var = "\"$var\""; |