Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text

r=glob a=justdave

2 files changed, 2 insertions, 2 deletions

diff --git a/template/en/default/email/bugmail.txt.tmpl b/template/en/default/email/bugmail.txt.tmpl
index 0b349fb15..a3a0b873c 100644
--- a/template/en/default/email/bugmail.txt.tmpl
+++ b/template/en/default/email/bugmail.txt.tmpl
@@ -32,7 +32,7 @@
 [%- IF comment.count %]
 --- Comment #[% comment.count %] from [% comment.author.identity %] ---
 [% END %]
-[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 
 -- [%# Protect the trailing space of the signature marker %]
diff --git a/template/en/default/request/email.txt.tmpl b/template/en/default/request/email.txt.tmpl
index fb957484b..65946a1e1 100644
--- a/template/en/default/request/email.txt.tmpl
+++ b/template/en/default/request/email.txt.tmpl
@@ -84,7 +84,7 @@ Attachment [% attidsummary %]
 [%-# .defined is necessary to avoid a taint issue in Perl < 5.10.1, see bug 509794. %]
 [% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
 ------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") %]
+[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
 [% END %]
 
 [%- END %]