aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorSimon Green <sgreen@redhat.com>2014-10-06 15:04:40 +0000
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 15:04:40 +0000
commit10e40c5707d383303c7837f526c3ab06466ede98 (patch)
tree94f4876bbbc7442d61f74938190c7bfdfac13e45 /Bugzilla
parentfa954ab78cc60aba43aedb85e2b4f98d56d7bf9d (diff)
downloadbugs-10e40c5707d383303c7837f526c3ab06466ede98.tar
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.gz
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.bz2
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.xz
bugs-10e40c5707d383303c7837f526c3ab06466ede98.zip
Bug 1054702: CSV export vulnerable to formulae injection
r=glob,a=glob
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Template.pm4
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index e4c1bf460..ca467577f 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -890,10 +890,12 @@ sub create {
},
# In CSV, quotes are doubled, and any value containing a quote or a
- # comma is enclosed in quotes.
+ # comma is enclosed in quotes. If a field starts with an equals
+ # sign, it is proceed by a space.
csv => sub
{
my ($var) = @_;
+ $var = ' ' . $var if substr($var, 0, 1) eq '=';
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";