From 0ec036b02e033a63deacd9a7ca8af7c77394c45f Mon Sep 17 00:00:00 2001 From: Simon Green Date: Mon, 6 Oct 2014 15:01:03 +0000 Subject: Bug 1054702: CSV export vulnerable to formulae injection r=glob,a=glob --- Bugzilla/Template.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 98be21d55..7fd3f0e8d 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -738,10 +738,12 @@ sub create { }, # In CSV, quotes are doubled, and any value containing a quote or a - # comma is enclosed in quotes. + # comma is enclosed in quotes. If a field starts with an equals + # sign, it is proceed by a space. csv => sub { my ($var) = @_; + $var = ' ' . $var if substr($var, 0, 1) eq '='; $var =~ s/\"/\"\"/g; if ($var !~ /^-?(\d+\.)?\d*$/) { $var = "\"$var\""; -- cgit v1.2.3-24-g4f1b