diff options
| author | Byron Jones <glob@mozilla.com> | 2011-12-28 23:10:39 +0100 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2011-12-28 23:10:39 +0100 |
| commit | f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7 (patch) | |
| tree | 296e87acc2821814a20e53e91466621de93a1b99 /report.cgi | |
| parent | c60154086000258e8a9269d896aa8b9d41cb711c (diff) | |
| download | bugzilla-f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7.tar.gz bugzilla-f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7.tar.xz | |
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
r=gerv, a=LpSolit
Diffstat (limited to 'report.cgi')
| -rwxr-xr-x | report.cgi | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/report.cgi b/report.cgi index 20e899a6b..209ef0faf 100755 --- a/report.cgi +++ b/report.cgi @@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'}, if ($cgi->param('debug')) { require Data::Dumper; say "<pre>data hash:"; - say Data::Dumper::Dumper(%data); + say html_quote(Data::Dumper::Dumper(%data)); say "\ndata array:"; - say Data::Dumper::Dumper(@image_data) . "\n\n</pre>"; + say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>"; } # All formats point to the same section of the documentation. |