Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text

r=glob a=justdave
author: Manish Goregaokar <manishearth@gmail.com> 2014-04-17 18:27:05 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2014-04-17 18:27:05 +0200
commit: 58b92d3b0245f6565a7ff34e78fce1e9ec56b355 (patch)
tree: 5b66f0684021f72559184c04a0a4f8294f863582 /template/en/default/email/flagmail.txt.tmpl
parent: 0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 (diff)
download: bugzilla-58b92d3b0245f6565a7ff34e78fce1e9ec56b355.tar.gz
bugzilla-58b92d3b0245f6565a7ff34e78fce1e9ec56b355.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/email/flagmail.txt.tmpl b/template/en/default/email/flagmail.txt.tmpl
index 26b60143d..fe514e103 100644
--- a/template/en/default/email/flagmail.txt.tmpl
+++ b/template/en/default/email/flagmail.txt.tmpl
@@ -69,7 +69,7 @@ Attachment [% attidsummary %]
 [%-# .defined is necessary to avoid a taint issue, see bug 509794. %]
 [% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
 ------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") %]
+[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
 [% END %]
 
 [%- END %]
author	Manish Goregaokar <manishearth@gmail.com>	2014-04-17 18:27:05 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2014-04-17 18:27:05 +0200
commit	58b92d3b0245f6565a7ff34e78fce1e9ec56b355 (patch)
tree	5b66f0684021f72559184c04a0a4f8294f863582 /template/en/default/email/flagmail.txt.tmpl
parent	0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 (diff)
download	bugzilla-58b92d3b0245f6565a7ff34e78fce1e9ec56b355.tar.gz bugzilla-58b92d3b0245f6565a7ff34e78fce1e9ec56b355.tar.xz