Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave
git-svn-id: svn://10.0.0.236/trunk@213650 18797224-902f-48f8-a5cc-f745e15eee43
parent
c5e32db020
commit
371700fad6
@ -577,11 +577,10 @@ every login cookie Bugzilla has ever given out.)
|
||||
Version 2.22.1
|
||||
--------------
|
||||
|
||||
The Bugzilla team fixed two Information Leaks and two Cross-Site
|
||||
The Bugzilla team fixed two Information Leaks and three Cross-Site
|
||||
Scripting vulnerabilities that existed in versions of Bugzilla
|
||||
prior to 2.22.1. None of them are considered to be of critical
|
||||
severity, but we still strongly recommend that you update any
|
||||
2.22 installation to 2.22.1.
|
||||
prior to 2.22.1. We strongly recommend that you update any 2.22
|
||||
installation to 2.22.1, to be protected from these vulnerabilities.
|
||||
|
||||
In addition, we have made an enhancement to security in this version
|
||||
of Bugzilla. In previous versions, it was possible for malicious
|
||||
|
||||
@ -276,7 +276,9 @@ foreach my $f (@files)
|
||||
}
|
||||
}
|
||||
|
||||
$vars->{'bug_id'} = $cgi->param('id');
|
||||
# Make sure we only include valid integers (protects us from XSS attacks).
|
||||
my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id')));
|
||||
$vars->{'bug_id'} = join(', ', @bugs);
|
||||
$vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/);
|
||||
$vars->{'doall'} = $cgi->param('doall');
|
||||
$vars->{'rankdir'} = $rankdir;
|
||||
|
||||
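Review bot: The line right after the rewritten `bug_id` assignment still derives `multiple_bugs` from the raw `$cgi->param('id')`, so an input such as `123,` or `123 abc` is reported as multiple bugs while `@bugs` holds only one sanitized id, and the `[ ,]` test does not even agree with the `[\s,]+` separator used by the split. Deriving it from the filtered list keeps the two values consistent: `$vars->{'multiple_bugs'} = (scalar(@bugs) > 1);`. The `grep(detaint_natural($_), ...)` line appears to rely on `$_` aliasing the split results so that `detaint_natural`'s in-place untainting lands in `@bugs`; `detaint_natural` is not visible here, so if that is the intent a comment such as `# grep aliases $_, so detaint_natural's untainted value is what ends up in @bugs` would save the next reader a trip to Bugzilla::Util. If `id` can be absent on the `doall` path, the split and the match would both warn on an undefined value, which is worth confirming against the code above the hunk. The hunk opens on two closing braces of the `foreach my $f (@files)` loop, so the enclosing script body starts and ends outside it.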