Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text

Browse Source 
r=glob a=justdave


git-svn-id: svn://10.0.0.236/trunk@265333 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org 2014-04-17 16:45:46 +00:00
parent 550894d547
commit ab3da5aade
6 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
8993 8994

2
mozilla/webtools/bugzilla/.gitrev
View File

@ -1 +1 @@
0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 58b92d3b0245f6565a7ff34e78fce1e9ec56b355

12
mozilla/webtools/bugzilla/Bugzilla/Template.pm
View File

@ -679,6 +679,18 @@ sub create {
return encode_base64($data); return encode_base64($data);
}, },
# Strips out control characters excepting whitespace
strip_control_chars => sub {
my ($data) = @_;
state $use_utf8 = Bugzilla->params->{'utf8'};
# Only run for utf8 to avoid issues with other multibyte encodings
# that may be reassigning meaning to ascii characters.
if ($use_utf8) {
$data =~ s/(?![\t\r\n])[[:cntrl:]]//g;
}
return $data;
},
# HTML collapses newlines in element attributes to a single space, # HTML collapses newlines in element attributes to a single space,
# so form elements which may have whitespace (ie comments) need # so form elements which may have whitespace (ie comments) need
# to be encoded using 
 # to be encoded using 

4
mozilla/webtools/bugzilla/Bugzilla/Util.pm
View File

@ -75,6 +75,10 @@ sub html_quote {
state $use_utf8 = Bugzilla->params->{'utf8'}; state $use_utf8 = Bugzilla->params->{'utf8'};
if ($use_utf8) { if ($use_utf8) {
# Remove control characters if the encoding is utf8.
# Other multibyte encodings may be using this range; so ignore if not utf8.
$var =~ s/(?![\t\r\n])[[:cntrl:]]//g;
# Remove the following characters because they're # Remove the following characters because they're
# influencing BiDi: # influencing BiDi:
# -------------------------------------------------------- # --------------------------------------------------------

2
mozilla/webtools/bugzilla/template/en/default/email/bugmail.txt.tmpl
View File

@ -19,7 +19,7 @@
[%- IF comment.count %] [%- IF comment.count %]
--- Comment #[% comment.count %] from [% comment.author.identity %] --- --- Comment #[% comment.count %] from [% comment.author.identity %] ---
[% END %] [% END %]
[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %] [%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
[% END %] [% END %]
[% IF referenced_bugs.size %] [% IF referenced_bugs.size %]

2
mozilla/webtools/bugzilla/template/en/default/email/flagmail.txt.tmpl
View File

@ -69,7 +69,7 @@ Attachment [% attidsummary %]
[%-# .defined is necessary to avoid a taint issue, see bug 509794. %] [%-# .defined is necessary to avoid a taint issue, see bug 509794. %]
[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %] [% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
------- Additional Comments from [% user.identity %] ------- Additional Comments from [% user.identity %]
[%+ Bugzilla.cgi.param("comment") %] [%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
[% END %] [% END %]
[%- END %] [%- END %]