aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2016-03-15 17:11:52 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2016-03-15 17:11:52 +0100
commit1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd (patch)
tree7845a2f7bdb6a0d235a6cf7d41e7faf31adca7dd
parentBug 1250908: "Use of uninitialized value" warning thrown when creating a new ... (diff)
downloadgentoo-bugzilla-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.zip
gentoo-bugzilla-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.gz
gentoo-bugzilla-1c5ecdf1c8d11dbd47f1361bc11565d1175c81bd.tar.bz2
Bug 1253267: Possible DOT injection vulnerability in dependency graphs if long bug summaries are wrapped
r/a=dkl
-rwxr-xr-xshowdependencygraph.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 476df1e..6d4cb1e 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -198,6 +198,9 @@ foreach my $k (@bug_ids) {
utf8::encode($summary) if utf8::is_utf8($summary);
}
$summary =~ s/([\\\"])/\\$1/g;
+ # Newlines must be escaped too, to not break the .map file
+ # and to prevent code injection.
+ $summary =~ s/\n/\\n/g;
push(@params, qq{label="$k\\n$summary"});
}