Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection…

Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect [r=mkanat a=LpSolit]

Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection…
38eeecf6 · Reed Loden · 078c4931 · 38eeecf6
Commit 38eeecf6 authored Jan 24, 2011 by Reed Loden
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

chart.cgi chart.cgi +3 -3

No files found.
--- a/chart.cgi
+++ b/chart.cgi
@@ -74,8 +74,8 @@ if (!Bugzilla->feature('new_charts')) {
 # Go back to query.cgi if we are adding a boolean chart parameter.
 if (grep(/^cmd-/, $cgi->param())) {
    my $params = $cgi->canonicalise_query("format", "ctype", "action");
-    print "Location: query.cgi?format=" . $cgi->param('query_format') .
-                                          ($params ? "&$params" : "") . "\n\n";
+    print $cgi->redirect("query.cgi?format=" . $cgi->param('query_format') .
+                                               ($params ? "&$params" : ""));
    exit;
 }

@@ -98,7 +98,7 @@ $action ||= "assemble";
 # Go to buglist.cgi if we are doing a search.
 if ($action eq "search") {
    my $params = $cgi->canonicalise_query("format", "ctype", "action");
-    print "Location: buglist.cgi" . ($params ? "?$params" : "") . "\n\n";
+    print $cgi->redirect("buglist.cgi" . ($params ? "?$params" : ""));
    exit;
 }