From 58b92d3b0245f6565a7ff34e78fce1e9ec56b355 Mon Sep 17 00:00:00 2001
From: Manish Goregaokar <manishearth@gmail.com>
Date: Thu, 17 Apr 2014 18:27:05 +0200
Subject: Bug 968576: [SECURITY] Dangerous control characters allowed in
 Bugzilla text r=glob a=justdave

---
 Bugzilla/Template.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'Bugzilla/Template.pm')

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 56d31dd2d..6f7900054 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -678,6 +678,18 @@ sub create {
                 my ($data) = @_;
                 return encode_base64($data);
             },
+
+            # Strips out control characters excepting whitespace
+            strip_control_chars => sub {
+                my ($data) = @_;
+                state $use_utf8 = Bugzilla->params->{'utf8'};
+                # Only run for utf8 to avoid issues with other multibyte encodings 
+                # that may be reassigning meaning to ascii characters.
+                if ($use_utf8) {
+                    $data =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+                }
+                return $data;
+            },
             
             # HTML collapses newlines in element attributes to a single space,
             # so form elements which may have whitespace (ie comments) need
-- 
cgit v1.2.3-24-g4f1b