From f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Wed, 28 Dec 2011 17:10:39 -0500 Subject: Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode r=gerv, a=LpSolit --- Bugzilla/Chart.pm | 2 +- report.cgi | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm index 5022723dd..86dcf9d03 100644 --- a/Bugzilla/Chart.pm +++ b/Bugzilla/Chart.pm @@ -438,7 +438,7 @@ sub dump { require Data::Dumper; say "
Bugzilla::Chart object:";
-    print Data::Dumper::Dumper($self);
+    print html_quote(Data::Dumper::Dumper($self));
     print "
"; } diff --git a/report.cgi b/report.cgi index 20e899a6b..209ef0faf 100755 --- a/report.cgi +++ b/report.cgi @@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'}, if ($cgi->param('debug')) { require Data::Dumper; say "
data hash:";
-    say Data::Dumper::Dumper(%data);
+    say html_quote(Data::Dumper::Dumper(%data));
     say "\ndata array:";
-    say Data::Dumper::Dumper(@image_data) . "\n\n
"; + say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n"; } # All formats point to the same section of the documentation. -- cgit v1.2.3-24-g4f1b