author | 2011-12-28 16:51:44 -0500 | |
---|---|---|
committer | 2011-12-28 16:51:44 -0500 | |
commit | 8b84903171c75a4ab461bd331def7069eaf6540c (patch) | |
tree | dae841c10973710b36e81620b9efe6fdc05336e4 | |
parent | Bug 713344: Release notes for Bugzilla 3.6.7 (diff) | |
Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabular and graphical reports in debug mode
r=gerv, a=LpSolit
-rw-r--r-- | Bugzilla/Chart.pm | 2 | ||||
-rwxr-xr-x | report.cgi | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm
index 58089d29e..f218c6306 100644
--- a/Bugzilla/Chart.pm
+++ b/Bugzilla/Chart.pm
@@ -438,7 +438,7 @@ sub dump {
 require Data::Dumper;
 print "<pre>Bugzilla::Chart object:\n";
- print Data::Dumper::Dumper($self);
+ print html_quote(Data::Dumper::Dumper($self));
 print "</pre>";
 }
diff --git a/report.cgi b/report.cgi
index 17c03a9e4..18bed40a0 100755
--- a/report.cgi
+++ b/report.cgi
@@ -307,9 +307,9 @@ print $cgi->header(-type => $format->{'ctype'},
 if ($cgi->param('debug')) {
 require Data::Dumper;
 print "<pre>data hash:\n";
- print Data::Dumper::Dumper(%data) . "\n\n";
+ print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
 print "data array:\n";
- print Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+ print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
 }
 # All formats point to the same section of the documentation. |
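Review bot: Nothing in `dump` records why the Dumper output is now wrapped in `html_quote`, so a later edit that adds another raw `print` between the `<pre>` tags would bring the bug back unnoticed; I would add `# Dumper output can contain user-supplied strings; always html_quote() it before printing into the page.` above the changed line. The same comment fits the two changed prints in the report.cgi hunk. The hunk also does not show where Bugzilla/Chart.pm gets `html_quote` from, so it is worth confirming that the module imports it (presumably from Bugzilla::Util), since otherwise `dump` would fail only when it is actually called. The start of `dump` lies outside the hunk.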
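Review bot: `Data::Dumper::Dumper(%data)` and `Data::Dumper::Dumper(@image_data)` still receive flattened lists, so the hash is printed as a run of unrelated `$VAR1`, `$VAR2`, … scalars; passing references keeps the structure readable and is escaped the same way: `print html_quote(Data::Dumper::Dumper(\%data)) . "\n\n";` and `print html_quote(Data::Dumper::Dumper(\@image_data)) . "\n\n</pre>";`. Separately, this block runs for any request that carries a `debug` parameter, so every value printed inside it has to be treated as untrusted; whether the dump should also be limited to privileged users cannot be decided from the hunk. The `<pre>` markup is emitted whatever `$format->{'ctype'}` was sent in the header call just above, and HTML escaping is only the right encoding when that type is HTML, so it is worth checking how the debug output behaves for the non-HTML formats. The header call and the code after the closing brace continue outside the hunk.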