Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary

r=gerv a=dkl

Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary
dc076ede · Frédéric Buclin · 396ae882 · dc076ede
Commit dc076ede authored Dec 22, 2015 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 5 deletions

showdependencygraph.cgi showdependencygraph.cgi +8 -5

No files found.
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -61,7 +61,7 @@ sub CreateImagemap {
            # Pick up bugid from the mapdata label field. Getting the title from
            # bugtitle hash instead of mapdata allows us to get the summary even
            # when showsummary is off, and also gives us status and resolution.
-            my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+            my $bugtitle = $bugtitles{$bugid};
            $map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } .
                    qq{title="$bugtitle" href="$url" } .
                    qq{coords="$leftx,$topy,$rightx,$bottomy">\n};
@@ -180,13 +180,16 @@ foreach my $k (@bug_ids) {
    # Retrieve bug information from the database
    my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
-    # Resolution and summary are shown only if user can see the bug
+    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-    if (!$user->can_see_bug($k)) {
+    # The bug summary is shown only if the user can see the bug.
+    if ($user->can_see_bug($k)) {
+        $summary = html_quote(clean_text($summary));
+    }
+    else {
        $summary = '';
    }
-    $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
    my @params;
    if ($summary ne "" && $cgi->param('showsummary')) {