Skip to content

bugzilla
bugzilla
Commit 8b0d558c authored by Frédéric Buclin's avatar Frédéric Buclin
Browse files
Options

Bug 1259881 - CSV export vulnerable to formulae injection (again)

r=sgreen a=dkl
parent ea0c5024
Show whitespace changes
Inline Side-by-side
Showing with 4 additions and 3 deletions
Bugzilla/Template.pm
View file @ 8b0d558c
...@@ -865,12 +865,13 @@ sub create { ...@@ -865,12 +865,13 @@ sub create {
}, },
# In CSV, quotes are doubled, and any value containing a quote or a # In CSV, quotes are doubled, and any value containing a quote or a
# comma is enclosed in quotes. If a field starts with an equals # comma is enclosed in quotes.
# sign, it is proceed by a space. # If a field starts with either "=", "+", "-" or "@", it is preceded
# by a space to prevent stupid formula execution from Excel & co.
csv => sub csv => sub
{ {
my ($var) = @_; my ($var) = @_;
$var = ' ' . $var if substr($var, 0, 1) eq '='; $var = ' ' . $var if $var =~ /^[+=@-]/;
# backslash is not special to CSV, but it can be used to confuse some browsers... # backslash is not special to CSV, but it can be used to confuse some browsers...
# so we do not allow it to happen. We only do this for logged-in users. # so we do not allow it to happen. We only do this for logged-in users.
$var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id; $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment