summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2014-10-06 16:25:06 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 16:25:06 +0200
commitce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad (patch)
tree3708d76568e9b7152fbb8dbe8c1b7b5690b8394c /attachment.cgi
parentb07267acd0301aef84aa74fc4aea39481cea6ad5 (diff)
downloadbugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.gz
bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.xz
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi10
1 files changed, 6 insertions, 4 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 0078a4c16..d707d68c0 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -228,8 +228,9 @@ sub validateContext
{
my $context = $cgi->param('context') || "patch";
if ($context ne "file" && $context ne "patch") {
- detaint_natural($context)
- || ThrowUserError("invalid_context", { context => $cgi->param('context') });
+ my $orig_context = $context;
+ detaint_natural($context)
+ || ThrowUserError("invalid_context", { context => $orig_context });
}
return $context;
@@ -537,13 +538,14 @@ sub insert {
# Get the filehandle of the attachment.
my $data_fh = $cgi->upload('data');
+ my $attach_text = $cgi->param('attach_text');
my $attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
- data => scalar $cgi->param('attach_text') || $data_fh,
+ data => $attach_text || $data_fh,
description => scalar $cgi->param('description'),
- filename => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'),
+ filename => $attach_text ? "file_$bugid.txt" : $data_fh,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
mimetype => $content_type,