diff options
author | Byron Jones <glob@mozilla.com> | 2011-12-28 23:03:56 +0100 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2011-12-28 23:03:56 +0100 |
commit | 6f323ff54643622bcd31f6b7577ab1a23d16f590 (patch) | |
tree | a75d267bf140c001bd867f9498748cb60b3853f6 /report.cgi | |
parent | 9314fd25d9bddaf4c0a9796821960cb1935ccd9a (diff) | |
download | bugzilla-6f323ff54643622bcd31f6b7577ab1a23d16f590.tar.gz bugzilla-6f323ff54643622bcd31f6b7577ab1a23d16f590.tar.xz |
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
r=gerv, a=LpSolit
Diffstat (limited to 'report.cgi')
-rwxr-xr-x | report.cgi | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/report.cgi b/report.cgi index a71776bfe..dccc470a7 100755 --- a/report.cgi +++ b/report.cgi @@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'}, if ($cgi->param('debug')) { require Data::Dumper; print "<pre>data hash:\n"; - print Data::Dumper::Dumper(%data) . "\n\n"; + print html_quote(Data::Dumper::Dumper(%data)) . "\n\n"; print "data array:\n"; - print Data::Dumper::Dumper(@image_data) . "\n\n</pre>"; + print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>"; } # All formats point to the same section of the documentation. |