summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2014-10-06 16:29:01 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 16:29:01 +0200
commit9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree3ddcb53698d5f608dd9228b1632481f4a0fcc04f /attachment.cgi
parent553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
downloadbugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz
bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi10
1 files changed, 6 insertions, 4 deletions
diff --git a/attachment.cgi b/attachment.cgi
index f2eca5694..3d0ac2bb6 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -196,8 +196,9 @@ sub validateContext
{
my $context = $cgi->param('context') || "patch";
if ($context ne "file" && $context ne "patch") {
- detaint_natural($context)
- || ThrowUserError("invalid_context", { context => $cgi->param('context') });
+ my $orig_context = $context;
+ detaint_natural($context)
+ || ThrowUserError("invalid_context", { context => $orig_context });
}
return $context;
@@ -515,13 +516,14 @@ sub insert {
# Get the filehandle of the attachment.
my $data_fh = $cgi->upload('data');
+ my $attach_text = $cgi->param('attach_text');
my $attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
- data => scalar $cgi->param('attach_text') || $data_fh,
+ data => $attach_text || $data_fh,
description => scalar $cgi->param('description'),
- filename => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'),
+ filename => $attach_text ? "file_$bugid.txt" : $data_fh,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
mimetype => $content_type,