Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular…

Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode r=gerv, a=LpSolit

Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular…
f8813fc6 · Byron Jones · Dave Lawrence · c6015408 · f8813fc6 · f8813fc6
Commit f8813fc6 authored Dec 28, 2011 by Byron Jones Committed by Dave Lawrence Dec 28, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

Chart.pm Bugzilla/Chart.pm +1 -1

report.cgi report.cgi +2 -2

No files found.
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -438,7 +438,7 @@ sub dump {
    
    require Data::Dumper;
    say "<pre>Bugzilla::Chart object:";
-    print Data::Dumper::Dumper($self);
+    print html_quote(Data::Dumper::Dumper($self));
    print "</pre>";
 }


--- a/report.cgi
+++ b/report.cgi
@@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'},
 if ($cgi->param('debug')) {
    require Data::Dumper;
    say "<pre>data hash:";
-    say Data::Dumper::Dumper(%data);
+    say html_quote(Data::Dumper::Dumper(%data));
    say "\ndata array:";
-    say Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+    say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
 }

 # All formats point to the same section of the documentation.