authorManish Goregaokar <manishearth@gmail.com>2014-04-17 18:37:11 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2014-04-17 18:37:11 +0200
commit6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch)
tree2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /Bugzilla
parente5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff)
Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text
r=glob a=justdave
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Template.pm11
-rw-r--r--Bugzilla/Util.pm4
2 files changed, 15 insertions, 0 deletions
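--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -672,6 +672,17 @@ sub create {
 my ($data) = @_;
 return encode_base64($data);
 },
+
+ # Strips out control characters excepting whitespace
+ strip_control_chars => sub {
+ my ($data) = @_;
+ # Only run for utf8 to avoid issues with other multibyte encodings
+ # that may be reassigning meaning to ascii characters.
+ if (Bugzilla->params->{'utf8'}) {
+ $data =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+ }
+ return $data;
+ },
 # HTML collapses newlines in element attributes to a single space,
 # so form elements which may have whitespace (ie comments) need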
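Review bot: The stripping regex and its utf8 guard in the new `strip_control_chars` filter are a verbatim copy of what this commit also adds to `html_quote` in Bugzilla/Util.pm, so the two definitions of which control characters are dangerous can drift apart silently the next time one of them is adjusted. Put the regex and the `Bugzilla->params->{'utf8'}` check into a single function in Bugzilla::Util and have both sites call it; the filter body then reduces to `return Bugzilla::Util::strip_control_chars($data);` (assuming Template.pm can reach that package, which seems likely given it already calls `Bugzilla->params`). The filter's comment should also state the behaviour its name hides: `# No-op when the utf8 parameter is off; keeps tab, CR and LF, drops every other [[:cntrl:]] match.` The enclosing `sub create` starts and ends outside this hunk.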
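--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -91,6 +91,10 @@ sub html_quote {
 # Obscure '@'.
 $var =~ s/\@/\&#64;/g;
 if (Bugzilla->params->{'utf8'}) {
+ # Remove control characters if the encoding is utf8.
+ # Other multibyte encodings may be using this range; so ignore if not utf8.
+ $var =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+
 # Remove the following characters because they're
 # influencing BiDi:
 # --------------------------------------------------------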
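Review bot: Whether the new `s/(?![\t\r\n])[[:cntrl:]]//g` on the third added line also removes the C1 controls (U+0080–U+009F) depends on `$var` already being a decoded character string: on a byte string without unicode semantics `[[:cntrl:]]` matches only ASCII 0x00–0x1F and 0x7F, and the two-byte UTF-8 encodings of C1 characters pass through untouched. The hunk does not show how `$var` reaches `html_quote`, so this is worth confirming and recording next to the regex, e.g. `# Assumes $var is a decoded character string; on a byte string only ASCII controls are matched.` A test pinning the contract would help as well — something like `is(html_quote("a\x00b\x1bc\td"), "abc\td")` with the utf8 parameter enabled (constructed; the exact expected string depends on the other substitutions in html_quote). The rest of `html_quote`, including the HTML escaping, lies outside this hunk.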