author | Dylan William Hardison <dylan@hardison.net> | 2017-01-26 18:54:38 +0100 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2017-01-26 18:54:38 +0100 |
commit | e3209457f2d4a6a134d73d0f0e5069ccfc8f88d0 (patch) | |
tree | d337d7b23ebe2faeda8168faccbe6fc33b7a2aa3 /show_bug.cgi | |
parent | c768148f9facf779d572145236453e50e99bee1d (diff) | |
Bug 1334158 - Lightbox images CSP error on bug modal
Diffstat (limited to 'show_bug.cgi')
-rwxr-xr-x | show_bug.cgi | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/show_bug.cgi b/show_bug.cgi index d4e6ea771..d2695a66f 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -20,6 +20,7 @@ use Bugzilla::Keyword; use Bugzilla::Bug; use Bugzilla::Hook; use Bugzilla::CGI; +use Bugzilla::Util qw(detaint_natural); my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; @@ -37,10 +38,6 @@ my $format = $template->get_format("bug/show", $format_params->{format}, $format_params->{ctype}); -if ($format_params->{format} eq 'modal') { - $cgi->content_security_policy(Bugzilla::CGI::SHOW_BUG_MODAL_CSP()); -} - # Editable, 'single' HTML bugs are treated slightly specially in a few places my $single = (!$format->{format} || $format->{format} ne 'multiple') && $format->{extension} eq 'html'; @@ -53,6 +50,13 @@ if (!$cgi->param('id') && $single) { exit; } +if ($format_params->{format} eq 'modal') { + my $bug_id = $cgi->param('id'); + detaint_natural($bug_id); + $cgi->content_security_policy(Bugzilla::CGI::SHOW_BUG_MODAL_CSP($bug_id)); +} + + my @bugs; my %marks; |
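Review bot: The return value of `detaint_natural($bug_id)` is ignored in the third hunk, so a non-numeric `id` reaches `SHOW_BUG_MODAL_CSP($bug_id)` in whatever state the helper leaves it; as I understand Bugzilla::Util, that is `undef`. The earlier `!$cgi->param('id')` guard only ensures the parameter is non-empty, and Bugzilla also accepts bug aliases in `id`, so ordinary requests can take this path. Restricting the value to digits before it goes into a policy header is right, but the call should depend on the result: keep it as `my $is_numeric = detaint_natural($bug_id);`, pass `$bug_id` only when `$is_numeric` is true, and otherwise fall back to the policy without a per-bug source. How that fallback is spelled depends on `SHOW_BUG_MODAL_CSP`, which is changed outside this file's diff. A short comment such as `# must run after the missing-id exit above: the policy is built from the bug id` would record why the block was moved.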