Merge branch '5.0' of https://git.mozilla.org/bugzilla/bugzilla

author: Frédéric Buclin <LpSolit@netscape.net> 2016-05-15 13:55:11 +0200
committer: Frédéric Buclin <LpSolit@netscape.net> 2016-05-15 13:55:11 +0200
commit: c12c092f9fd84cd0f5b5645f61e29fe1260063dc (patch)
tree: 8e6b38a23387a537ad091706e6bef58291842d46 /showdependencygraph.cgi
parent: a0f06d3134a63b577763e1f272b001182e5e645e (diff)
parent: 16dd96bdfdadea63e182f0954f06c187cb83e75b (diff)
download: bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar
bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.gz
bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.bz2
bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.xz
bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 476df1e8e..6d4cb1e71 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -198,6 +198,9 @@ foreach my $k (@bug_ids) {
             utf8::encode($summary) if utf8::is_utf8($summary);
         }
         $summary =~ s/([\\\"])/\\$1/g;
+        # Newlines must be escaped too, to not break the .map file
+        # and to prevent code injection.
+        $summary =~ s/\n/\\n/g;
         push(@params, qq{label="$k\\n$summary"});
     }
author	Frédéric Buclin <LpSolit@netscape.net>	2016-05-15 13:55:11 +0200
committer	Frédéric Buclin <LpSolit@netscape.net>	2016-05-15 13:55:11 +0200
commit	c12c092f9fd84cd0f5b5645f61e29fe1260063dc (patch)
tree	8e6b38a23387a537ad091706e6bef58291842d46 /showdependencygraph.cgi
parent	a0f06d3134a63b577763e1f272b001182e5e645e (diff)
parent	16dd96bdfdadea63e182f0954f06c187cb83e75b (diff)
download	bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.gz bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.bz2 bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.tar.xz bugs-c12c092f9fd84cd0f5b5645f61e29fe1260063dc.zip