aboutsummaryrefslogtreecommitdiffstats
path: root/showdependencygraph.cgi
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2016-03-15 17:11:52 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2016-03-15 17:11:52 +0100
commit1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (patch)
tree7845a2f7bdb6a0d235a6cf7d41e7faf31adca7dd /showdependencygraph.cgi
parent7621e45539668c56a8f7b83a46a05a9e5aca79b0 (diff)
downloadbugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar
bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.gz
bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.bz2
bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.xz
bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.zip
Bug 1253267: Possible DOT injection vulnerability in dependency graphs if long bug summaries are wrapped
r/a=dkl
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-xshowdependencygraph.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 476df1e8e..6d4cb1e71 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -198,6 +198,9 @@ foreach my $k (@bug_ids) {
utf8::encode($summary) if utf8::is_utf8($summary);
}
$summary =~ s/([\\\"])/\\$1/g;
+ # Newlines must be escaped too, to not break the .map file
+ # and to prevent code injection.
+ $summary =~ s/\n/\\n/g;
push(@params, qq{label="$k\\n$summary"});
}