From 818ad5e10408f6b513ac276f575bceb082401142 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Thu, 4 Aug 2011 22:33:28 +0200
Subject: Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari r/a=LpSolit

---
 Bugzilla/Attachment/PatchReader.pm | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Bugzilla/Attachment/PatchReader.pm')

diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm
index cfc7610f4..01a624a8f 100644
--- a/Bugzilla/Attachment/PatchReader.pm
+++ b/Bugzilla/Attachment/PatchReader.pm
@@ -37,6 +37,7 @@ sub process_diff {
 $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
 # Actually print out the patch.
 print $cgi->header(-type => 'text/plain',
+ -x_content_type_options => "nosniff",
 -expires => '+3M');
 disable_utf8();
 $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
@@ -118,6 +119,7 @@ sub process_interdiff {
 $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
 # Actually print out the patch.
 print $cgi->header(-type => 'text/plain',
+ -x_content_type_options => "nosniff",
 -expires => '+3M');
 disable_utf8();
 }
--
cgit v1.2.3-24-g4f1b
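Review bot: The added `-x_content_type_options => "nosniff",` in process_diff, and the identical line in the process_interdiff hunk, carries no comment saying why a text/plain response needs it, which makes it an easy casualty of a later header cleanup; I would put `# Stop browsers sniffing this text/plain diff as HTML (bug 637981).` above the line in both places. The header is only honoured by browsers that implement X-Content-Type-Options (IE 8 onwards, as far as I know), so whether the IE 6/7 cases named in the subject are covered by this header alone is worth confirming rather than assuming; with `-expires => '+3M'` on the same response, copies already cached before this change also keep the old headers until they expire. The value is double-quoted while the neighbouring `-type` and `-expires` arguments use single quotes; `'nosniff'` would match the file's style. Both enclosing subs start outside their hunks, so any other output branch in them that also prints a header is not visible here.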