diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-15 17:11:52 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-15 17:11:52 +0100 |
| commit | 1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (patch) | |
| tree | 7845a2f7bdb6a0d235a6cf7d41e7faf31adca7dd | |
| parent | 7621e45539668c56a8f7b83a46a05a9e5aca79b0 (diff) | |
| download | bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.gz bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.bz2 bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.xz bugs-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.zip | |
Bug 1253267: Possible DOT injection vulnerability in dependency graphs if long bug summaries are wrapped
r/a=dkl
| -rwxr-xr-x | showdependencygraph.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 476df1e8e..6d4cb1e71 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -198,6 +198,9 @@ foreach my $k (@bug_ids) { utf8::encode($summary) if utf8::is_utf8($summary); } $summary =~ s/([\\\"])/\\$1/g; + # Newlines must be escaped too, to not break the .map file + # and to prevent code injection. + $summary =~ s/\n/\\n/g; push(@params, qq{label="$k\\n$summary"}); } |