diff options
| author | lpsolit%gmail.com <> | 2006-10-15 06:25:33 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2006-10-15 06:25:33 +0200 |
| commit | ef822794d93408e154ad0835c127485a537fa186 (patch) | |
| tree | faea2054477e743015dbc3bce25c448fb6da9cb8 /showdependencygraph.cgi | |
| parent | 79b572263ea0dfcc1638757057825c3e6a2ee38d (diff) | |
| download | bugzilla-ef822794d93408e154ad0835c127485a537fa186.tar.gz bugzilla-ef822794d93408e154ad0835c127485a537fa186.tar.xz | |
Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave
Diffstat (limited to 'showdependencygraph.cgi')
| -rwxr-xr-x | showdependencygraph.cgi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 00442c4f3..e483fd0f8 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -276,7 +276,9 @@ foreach my $f (@files) } } -$vars->{'bug_id'} = $cgi->param('id'); +# Make sure we only include valid integers (protects us from XSS attacks). +my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id'))); +$vars->{'bug_id'} = join(', ', @bugs); $vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/); $vars->{'doall'} = $cgi->param('doall'); $vars->{'rankdir'} = $rankdir; |