Bug 1054702: CSV export vulnerable to formulae injection

r=glob,a=glob
author: Simon Green <sgreen@redhat.com> 2014-10-06 15:04:40 +0000
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 15:04:40 +0000
commit: 10e40c5707d383303c7837f526c3ab06466ede98 (patch)
tree: 94f4876bbbc7442d61f74938190c7bfdfac13e45 /Bugzilla
parent: fa954ab78cc60aba43aedb85e2b4f98d56d7bf9d (diff)
download: bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.gz
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.bz2
bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.xz
bugs-10e40c5707d383303c7837f526c3ab06466ede98.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index e4c1bf460..ca467577f 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -890,10 +890,12 @@ sub create {
             },
 
             # In CSV, quotes are doubled, and any value containing a quote or a
-            # comma is enclosed in quotes.
+            # comma is enclosed in quotes. If a field starts with an equals
+            # sign, it is proceed by a space.
             csv => sub
             {
                 my ($var) = @_;
+                $var = ' ' . $var if substr($var, 0, 1) eq '=';
                 $var =~ s/\"/\"\"/g;
                 if ($var !~ /^-?(\d+\.)?\d*$/) {
                     $var = "\"$var\"";
author	Simon Green <sgreen@redhat.com>	2014-10-06 15:04:40 +0000
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 15:04:40 +0000
commit	10e40c5707d383303c7837f526c3ab06466ede98 (patch)
tree	94f4876bbbc7442d61f74938190c7bfdfac13e45 /Bugzilla
parent	fa954ab78cc60aba43aedb85e2b4f98d56d7bf9d (diff)
download	bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.gz bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.bz2 bugs-10e40c5707d383303c7837f526c3ab06466ede98.tar.xz bugs-10e40c5707d383303c7837f526c3ab06466ede98.zip