author | lpsolit%gmail.com <> | 2006-10-15 04:25:33 +0000 |
committer | lpsolit%gmail.com <> | 2006-10-15 04:25:33 +0000 |
commit | ef822794d93408e154ad0835c127485a537fa186 (patch) | |
tree | faea2054477e743015dbc3bce25c448fb6da9cb8 /showdependencygraph.cgi | |
parent | 79b572263ea0dfcc1638757057825c3e6a2ee38d (diff) | |
Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-x | showdependencygraph.cgi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 00442c4f3..e483fd0f8 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -276,7 +276,9 @@ foreach my $f (@files) } } -$vars->{'bug_id'} = $cgi->param('id'); +# Make sure we only include valid integers (protects us from XSS attacks). +my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id'))); +$vars->{'bug_id'} = join(', ', @bugs); $vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/); $vars->{'doall'} = $cgi->param('doall'); $vars->{'rankdir'} = $rankdir; |
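Review bot: The line right after the new code still derives `multiple_bugs` from the raw `$cgi->param('id')` with `/[ ,]/`, while the new `split(/[\s,]+/, ...)` accepts any whitespace and drops tokens that fail `detaint_natural`, so the two can disagree (an "id" of `1<tab>2` yields two bugs but `multiple_bugs` false; `1,foo` yields one bug but `multiple_bugs` true). Deriving it from the sanitized list keeps them consistent: `$vars->{'multiple_bugs'} = (scalar(@bugs) > 1);`. The grep relies on `detaint_natural` returning a true value for valid input and mutating the aliased `$_` in place — that appears to be the intent, but a short comment stating it would help the next reader, e.g. `# detaint_natural() untaints $_ in place and returns false for non-integers`. The hunk is at script top level; the lines that validate "id" before this point, if any, are outside it.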