From 7b7a210cd57140e85c36c9c5bfed35389f7952d5 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Fri, 16 Feb 2018 11:37:21 -0500
Subject: Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking contents of certain fields due to regex search r=jfearn,a=dylan
---
 attachment.cgi | 1 +
 1 file changed, 1 insertion(+)
(limited to 'attachment.cgi')
diff --git a/attachment.cgi b/attachment.cgi
index 40b0c9d3a..4cd9229fb 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -35,6 +35,7 @@ use Encode::MIME::Header; # Required to alter Encode::Encoding{'MIME-Q'}.
 local our $cgi = Bugzilla->cgi;
 local our $template = Bugzilla->template;
 local our $vars = {};
+local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1;
 # All calls to this script should contain an "action" variable whose
 # value determines what the user wants to do. The code below checks
-- 
cgit v1.2.1
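Review bot: The added `local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1;` carries no comment saying why attachment.cgi may skip the safeguard, and because it sits at file scope above the "action" dispatch it applies to every action the script serves rather than only the ones that need it. What the flag disables is defined in Bugzilla::CGI, which this path-limited patch does not show, so its effect here is inferred from the variable name and the commit subject. I would add a comment on the line, for example `# Exempt from the Bugzilla::CGI cross-site response check because <reason attachment responses are safe to serve>`, and, if only some actions (presumably viewing an attachment) need the exemption, set the flag inside those handlers instead. The dispatch code lies outside the hunk, so confirm which actions depend on the exemption before narrowing it.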