Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave

author: lpsolit%gmail.com <> 2006-10-15 04:30:45 +0000
committer: lpsolit%gmail.com <> 2006-10-15 04:30:45 +0000
commit: 822fa6fbf922407d666b49299a20151206dd4601 (patch)
tree: 704668a31401a42de52b6dd1f0c1f24c25c58133 /showdependencygraph.cgi
parent: Bug 346086: [SECURITY] attachment.cgi lets you view descriptions of private a... (diff)
download: bugzilla-822fa6fbf922407d666b49299a20151206dd4601.tar.gz
bugzilla-822fa6fbf922407d666b49299a20151206dd4601.tar.bz2
bugzilla-822fa6fbf922407d666b49299a20151206dd4601.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 5fc794e9b..2f99b16c8 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -278,7 +278,9 @@ foreach my $f (@files)
     }
 }
 
-$vars->{'bug_id'} = $cgi->param('id');
+# Make sure we only include valid integers (protects us from XSS attacks).
+my @bugs = grep(detaint_natural($_), split(/[\s,]+/, $cgi->param('id')));
+$vars->{'bug_id'} = join(', ', @bugs);
 $vars->{'multiple_bugs'} = ($cgi->param('id') =~ /[ ,]/);
 $vars->{'doall'} = $cgi->param('doall');
 $vars->{'rankdir'} = $rankdir;
author	lpsolit%gmail.com <>	2006-10-15 04:30:45 +0000
committer	lpsolit%gmail.com <>	2006-10-15 04:30:45 +0000
commit	822fa6fbf922407d666b49299a20151206dd4601 (patch)
tree	704668a31401a42de52b6dd1f0c1f24c25c58133 /showdependencygraph.cgi
parent	Bug 346086: [SECURITY] attachment.cgi lets you view descriptions of private a... (diff)
download	bugzilla-822fa6fbf922407d666b49299a20151206dd4601.tar.gz bugzilla-822fa6fbf922407d666b49299a20151206dd4601.tar.bz2 bugzilla-822fa6fbf922407d666b49299a20151206dd4601.zip