Commit ba0b55ce authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 441921: context=file fails due to taint issues in file names and file rev…

Bug 441921: context=file fails due to taint issues in file names and file rev numbers - Patch by Fré©ric Buclin <LpSolit@gmail.com> r=himorin a=LpSolit
parent 66146a6e
...@@ -23,8 +23,6 @@ use Bugzilla::Error; ...@@ -23,8 +23,6 @@ use Bugzilla::Error;
use Bugzilla::Attachment; use Bugzilla::Attachment;
use Bugzilla::Util; use Bugzilla::Util;
use Encode;
sub process_diff { sub process_diff {
my ($attachment, $format, $context) = @_; my ($attachment, $format, $context) = @_;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
...@@ -78,9 +76,9 @@ sub process_diff { ...@@ -78,9 +76,9 @@ sub process_diff {
setup_template_patch_reader($last_reader, $format, $context, $vars); setup_template_patch_reader($last_reader, $format, $context, $vars);
# The patch is going to be displayed in a HTML page and if the utf8 # The patch is going to be displayed in a HTML page and if the utf8
# param is enabled, we have to encode attachment data as utf8. # param is enabled, we have to encode attachment data as utf8.
# Encode::decode() knows what to do with invalid characters.
if (Bugzilla->params->{'utf8'}) { if (Bugzilla->params->{'utf8'}) {
$attachment->{data} = Encode::decode_utf8($attachment->data); $attachment->data; # Populate ->{data}
utf8::decode($attachment->{data});
} }
$reader->iterate_string('Attachment ' . $attachment->id, $attachment->data); $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
} }
...@@ -94,10 +92,11 @@ sub process_interdiff { ...@@ -94,10 +92,11 @@ sub process_interdiff {
# Encode attachment data as utf8 if it's going to be displayed in a HTML # Encode attachment data as utf8 if it's going to be displayed in a HTML
# page using the UTF-8 encoding. # page using the UTF-8 encoding.
# Encode::decode() knows what to do with invalid characters.
if ($format ne 'raw' && Bugzilla->params->{'utf8'}) { if ($format ne 'raw' && Bugzilla->params->{'utf8'}) {
$old_attachment->{data} = Encode::decode_utf8($old_attachment->data); $old_attachment->data; # Populate ->{data}
$new_attachment->{data} = Encode::decode_utf8($new_attachment->data); utf8::decode($old_attachment->{data});
$new_attachment->data; # Populate ->{data}
utf8::decode($new_attachment->{data});
} }
# Get old patch data. # Get old patch data.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment