From dc076edefa70576ee6de4511311a1926a56b79fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Tue, 22 Dec 2015 18:58:16 +0100 Subject: Bug 1221518: (CVE-2015-8508) [SECURITY] XSS in dependency graphs when displaying the bug summary r=gerv a=dkl --- showdependencygraph.cgi | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'showdependencygraph.cgi') diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index e3e54c4d8..476df1e8e 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -61,7 +61,7 @@ sub CreateImagemap { # Pick up bugid from the mapdata label field. Getting the title from # bugtitle hash instead of mapdata allows us to get the summary even # when showsummary is off, and also gives us status and resolution. - my $bugtitle = html_quote(clean_text($bugtitles{$bugid})); + my $bugtitle = $bugtitles{$bugid}; $map .= qq{bug $bugid\n}; @@ -180,13 +180,16 @@ foreach my $k (@bug_ids) { # Retrieve bug information from the database my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k); - # Resolution and summary are shown only if user can see the bug - if (!$user->can_see_bug($k)) { + $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id')); + + # The bug summary is shown only if the user can see the bug. + if ($user->can_see_bug($k)) { + $summary = html_quote(clean_text($summary)); + } + else { $summary = ''; } - $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id')); - my @params; if ($summary ne "" && $cgi->param('showsummary')) { -- cgit v1.2.1