Commit ce870730 authored by Dylan Hardison's avatar Dylan Hardison

Bug 1232785 - [SECURITY] Buglists in CSV format can be parsed as valid javascript in some browsers

r=dkl,a=dkl
parent 5f7540c1
...@@ -719,6 +719,9 @@ sub create { ...@@ -719,6 +719,9 @@ sub create {
{ {
my ($var) = @_; my ($var) = @_;
$var = ' ' . $var if substr($var, 0, 1) eq '='; $var = ' ' . $var if substr($var, 0, 1) eq '=';
# backslash is not special to CSV, but it can be used to confuse some browsers...
# so we do not allow it to happen. We only do this for logged-in users.
$var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
$var =~ s/\"/\"\"/g; $var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) { if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\""; $var = "\"$var\"";
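Review bot: The new comment on the backslash substitution says it is applied only for logged-in users but not why, so a reader cannot tell whether leaving anonymous output unmangled is deliberate; the likely reasoning (anonymous sessions see only public data, so a cross-origin script inclusion of the CSV has nothing to steal) is inferred here and should be stated in the comment if it is the actual intent, e.g. `# Anonymous users see only public data, so their output needs no protection -- TODO confirm`. The replacement is also lossy: a value containing a backslash now comes back from the CSV as U+FF3C, which callers that round-trip exports may want documented next to the substitution. Whether the output handle carries an encoding layer that can emit the wide character cleanly is not visible in this hunk and is worth confirming. The enclosing sub `create` and the anonymous sub this quoting code belongs to both start before the hunk and continue after it.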