diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-15 17:07:20 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-15 17:07:20 +0100 |
commit | 27daf484e99ea638f10beec81f41a2bcb412fd4d (patch) | |
tree | 088d75d8a696cd767b9c595a565ecb3d8e878bf1 /showdependencygraph.cgi | |
parent | 53d6ba4398b0e27216d5152dea3fbe0a9f0e1572 (diff) | |
download | bugzilla-27daf484e99ea638f10beec81f41a2bcb412fd4d.tar.gz bugzilla-27daf484e99ea638f10beec81f41a2bcb412fd4d.tar.xz |
Bug 1253267: DOT injection vulnerability in dependency graphs when long bug summaries are wrapped
r=dkl
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-x | showdependencygraph.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index e692167de..196d8f84e 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -199,6 +199,9 @@ foreach my $k (@bug_ids) { utf8::encode($summary) if utf8::is_utf8($summary); $summary = wrap_comment($summary); $summary =~ s/([\\\"])/\\$1/g; + # Newlines must be escaped too, to not break the .map file + # and to prevent code injection. + $summary =~ s/\n/\\n/g; push(@params, qq{label="$k\\n$summary"}); } |