summaryrefslogtreecommitdiffstats
path: root/showdependencygraph.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-10-15 06:25:33 +0200
committerlpsolit%gmail.com <>2006-10-15 06:25:33 +0200
commitef822794d93408e154ad0835c127485a537fa186 (patch)
treefaea2054477e743015dbc3bce25c448fb6da9cb8 /showdependencygraph.cgi
parent79b572263ea0dfcc1638757057825c3e6a2ee38d (diff)
downloadbugzilla-ef822794d93408e154ad0835c127485a537fa186.tar.gz
bugzilla-ef822794d93408e154ad0835c127485a537fa186.tar.xz
Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-xshowdependencygraph.cgi4
1 files changed, 3 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 00442c4f3..e483fd0f8 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -276,7 +276,9 @@ foreach my $f (@files)
}
}
-$vars->{'bug_id'} = $cgi->param('id');
+# Make sure we only include valid integers (protects us from XSS attacks).
+my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id')));
+$vars->{'bug_id'} = join(', ', @bugs);
$vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/);
$vars->{'doall'} = $cgi->param('doall');
$vars->{'rankdir'} = $rankdir;