summaryrefslogtreecommitdiffstats
path: root/report.cgi
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2011-12-28 23:03:56 +0100
committerDave Lawrence <dlawrence@mozilla.com>2011-12-28 23:03:56 +0100
commit6f323ff54643622bcd31f6b7577ab1a23d16f590 (patch)
treea75d267bf140c001bd867f9498748cb60b3853f6 /report.cgi
parent9314fd25d9bddaf4c0a9796821960cb1935ccd9a (diff)
downloadbugzilla-6f323ff54643622bcd31f6b7577ab1a23d16f590.tar.gz
bugzilla-6f323ff54643622bcd31f6b7577ab1a23d16f590.tar.xz
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
r=gerv, a=LpSolit
Diffstat (limited to 'report.cgi')
-rwxr-xr-xreport.cgi4
1 files changed, 2 insertions, 2 deletions
diff --git a/report.cgi b/report.cgi
index a71776bfe..dccc470a7 100755
--- a/report.cgi
+++ b/report.cgi
@@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'},
if ($cgi->param('debug')) {
require Data::Dumper;
print "<pre>data hash:\n";
- print Data::Dumper::Dumper(%data) . "\n\n";
+ print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
print "data array:\n";
- print Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+ print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
}
# All formats point to the same section of the documentation.