summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorSimon Green <sgreen@redhat.com>2014-10-06 17:01:03 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 17:01:03 +0200
commit0ec036b02e033a63deacd9a7ca8af7c77394c45f (patch)
tree17eb0d358dcad3dd0327438b104872e2bcc39695 /Bugzilla
parent976dc12e4ed769bc02ffeb2be03bb1720e885135 (diff)
downloadbugzilla-0ec036b02e033a63deacd9a7ca8af7c77394c45f.tar.gz
bugzilla-0ec036b02e033a63deacd9a7ca8af7c77394c45f.tar.xz
Bug 1054702: CSV export vulnerable to formulae injection
r=glob,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Template.pm4
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 98be21d55..7fd3f0e8d 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -738,10 +738,12 @@ sub create {
},
# In CSV, quotes are doubled, and any value containing a quote or a
- # comma is enclosed in quotes.
+ # comma is enclosed in quotes. If a field starts with an equals
+ # sign, it is proceed by a space.
csv => sub
{
my ($var) = @_;
+ $var = ' ' . $var if substr($var, 0, 1) eq '=';
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";