author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:29:01 +0000 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 14:29:01 +0000 |
commit | 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch) | |
tree | 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /post_bug.cgi | |
parent | 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff) | |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'post_bug.cgi')
-rwxr-xr-x | post_bug.cgi | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/post_bug.cgi b/post_bug.cgi
index f73ca6b29..9da8faec1 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -152,7 +152,10 @@ if (defined $cgi->param('version')) {
 # after the bug is filed.
 
 # Add an attachment if requested.
-if (defined($cgi->upload('data')) || $cgi->param('attach_text')) {
+my $data_fh = $cgi->upload('data');
+my $attach_text = $cgi->param('attach_text');
+
+if ($data_fh || $attach_text) {
     $cgi->param('isprivate', $cgi->param('comment_is_private'));
 
     # Must be called before create() as it may alter $cgi->param('ispatch').
@@ -167,9 +170,9 @@ if (defined($cgi->upload('data')) || $cgi->param('attach_text')) {
     $attachment = Bugzilla::Attachment->create(
         {bug => $bug,
          creation_ts => $timestamp,
-         data => scalar $cgi->param('attach_text') || $cgi->upload('data'),
+         data => $attach_text || $data_fh,
          description => scalar $cgi->param('description'),
-         filename => $cgi->param('attach_text') ? "file_$id.txt" : scalar $cgi->upload('data'),
+         filename => $attach_text ? "file_$id.txt" : $data_fh,
          ispatch => scalar $cgi->param('ispatch'),
          isprivate => scalar $cgi->param('isprivate'),
          mimetype => $content_type, |
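Review bot: The new `my $data_fh` / `my $attach_text` lexicals in the first hunk carry no comment saying why the values are read once into scalars, so a later edit could inline `$cgi->param('attach_text')` or `$cgi->upload('data')` back into the `Bugzilla::Attachment->create` hash in the second hunk and reintroduce the list-context problem this commit fixes (a multi-valued request parameter expanding into extra key/value pairs of the constructor). I would add above the declarations: `# Read these once in scalar context: CGI param()/upload() return a list in list context, which would inject extra key/value pairs into the create() hash below.` The context line `$cgi->param('isprivate', $cgi->param('comment_is_private'))` still evaluates the inner param() in list context; whether a multi-valued comment_is_private matters there depends on code outside the hunk, so it is worth checking in the same pass. The `if` block opened in the first hunk and the create() call in the second both continue past the end of the hunk.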