diff options
author | Dylan William Hardison <dylan@hardison.net> | 2018-02-16 17:17:55 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2018-02-16 17:17:55 +0100 |
commit | d010759a987a18ee44a515e5d1cc266f154e01a8 (patch) | |
tree | fb1fba41a9755e76c83c79c9bdd522d387d6977f /attachment.cgi | |
parent | c345cbc05311d8ecc51752c59b102d0323bcfb6c (diff) | |
download | bugzilla-d010759a987a18ee44a515e5d1cc266f154e01a8.tar.gz bugzilla-d010759a987a18ee44a515e5d1cc266f154e01a8.tar.xz |
Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking contents of certain fields due to regex search
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi index d1523d248..d1b260407 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -41,6 +41,7 @@ use File::Basename qw(basename); local our $cgi = Bugzilla->cgi; local our $template = Bugzilla->template; local our $vars = {}; +local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1; ################################################################################ # Main Body Execution |