diff options
| author | Simon Green <sgreen@redhat.com> | 2014-10-06 17:01:03 +0200 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 17:01:03 +0200 |
| commit | 0ec036b02e033a63deacd9a7ca8af7c77394c45f (patch) | |
| tree | 17eb0d358dcad3dd0327438b104872e2bcc39695 /Bugzilla | |
| parent | 976dc12e4ed769bc02ffeb2be03bb1720e885135 (diff) | |
| download | bugzilla-0ec036b02e033a63deacd9a7ca8af7c77394c45f.tar.gz bugzilla-0ec036b02e033a63deacd9a7ca8af7c77394c45f.tar.xz | |
Bug 1054702: CSV export vulnerable to formulae injection
r=glob,a=glob
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Template.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 98be21d55..7fd3f0e8d 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -738,10 +738,12 @@ sub create { }, # In CSV, quotes are doubled, and any value containing a quote or a - # comma is enclosed in quotes. + # comma is enclosed in quotes. If a field starts with an equals + # sign, it is proceed by a space. csv => sub { my ($var) = @_; + $var = ' ' . $var if substr($var, 0, 1) eq '='; $var =~ s/\"/\"\"/g; if ($var !~ /^-?(\d+\.)?\d*$/) { $var = "\"$var\""; |