diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 16:29:01 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 16:29:01 +0200 |
commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /attachment.cgi | |
parent | 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff) | |
download | bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/attachment.cgi b/attachment.cgi index f2eca5694..3d0ac2bb6 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -196,8 +196,9 @@ sub validateContext { my $context = $cgi->param('context') || "patch"; if ($context ne "file" && $context ne "patch") { - detaint_natural($context) - || ThrowUserError("invalid_context", { context => $cgi->param('context') }); + my $orig_context = $context; + detaint_natural($context) + || ThrowUserError("invalid_context", { context => $orig_context }); } return $context; @@ -515,13 +516,14 @@ sub insert { # Get the filehandle of the attachment. my $data_fh = $cgi->upload('data'); + my $attach_text = $cgi->param('attach_text'); my $attachment = Bugzilla::Attachment->create( {bug => $bug, creation_ts => $timestamp, - data => scalar $cgi->param('attach_text') || $data_fh, + data => $attach_text || $data_fh, description => scalar $cgi->param('description'), - filename => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'), + filename => $attach_text ? "file_$bugid.txt" : $data_fh, ispatch => scalar $cgi->param('ispatch'), isprivate => scalar $cgi->param('isprivate'), mimetype => $content_type, |