From ef822794d93408e154ad0835c127485a537fa186 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 04:25:33 +0000
Subject: Bug 355728: [SECURITY] XSS in the "id" parameter of
 showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander
 <mkanat@bugzilla.org> r=LpSolit a=justdave

---
 showdependencygraph.cgi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'showdependencygraph.cgi')

diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 00442c4f3..e483fd0f8 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -276,7 +276,9 @@ foreach my $f (@files)
     }
 }
 
-$vars->{'bug_id'} = $cgi->param('id');
+# Make sure we only include valid integers (protects us from XSS attacks).
+my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id')));
+$vars->{'bug_id'} = join(', ', @bugs);
 $vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/);
 $vars->{'doall'} = $cgi->param('doall');
 $vars->{'rankdir'} = $rankdir;
-- 
cgit v1.2.3-24-g4f1b