authorFrédéric Buclin <LpSolit@gmail.com>2014-10-06 14:29:01 +0000
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 14:29:01 +0000
commit9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree3ddcb53698d5f608dd9228b1632481f4a0fcc04f /post_bug.cgi
parentBug 1071276: Markdown comment checkbox value is not passed through properly w... (diff)
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'post_bug.cgi')
-rwxr-xr-xpost_bug.cgi9
1 files changed, 6 insertions, 3 deletions
diff --git a/post_bug.cgi b/post_bug.cgi
index f73ca6b29..9da8faec1 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -152,7 +152,10 @@ if (defined $cgi->param('version')) {
# after the bug is filed.
# Add an attachment if requested.
-if (defined($cgi->upload('data')) || $cgi->param('attach_text')) {
+my $data_fh = $cgi->upload('data');
+my $attach_text = $cgi->param('attach_text');
+
+if ($data_fh || $attach_text) {
$cgi->param('isprivate', $cgi->param('comment_is_private'));
# Must be called before create() as it may alter $cgi->param('ispatch').
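Review bot: Nothing in the hunk records why the two reads were hoisted into `my $data_fh` / `my $attach_text`, yet that hoisting is the actual fix — assigning to a scalar forces scalar context, whereas `$cgi->param('attach_text')` evaluated in list context (as it was inside the `create()` hash further down) can return several values and inject extra key/value pairs. Without a why-comment the next cleanup may inline them again; suggest above `my $data_fh`: `# Read once, in scalar context: CGI param()/upload() in list context can return more than one value and would inject extra key/value pairs into the create() hash below.`. Separately, the condition changed from `defined($cgi->upload('data'))` to a truthiness test on `$data_fh`; if the upload handle stringifies to the client-supplied filename (as CGI.pm's handle objects do), an upload named `0` would now be treated as absent — worth confirming that is acceptable. The `if` block opened here continues past the hunk.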
@@ -167,9 +170,9 @@ if (defined($cgi->upload('data')) || $cgi->param('attach_text')) {
$attachment = Bugzilla::Attachment->create(
{bug => $bug,
creation_ts => $timestamp,
- data => scalar $cgi->param('attach_text') || $cgi->upload('data'),
+ data => $attach_text || $data_fh,
description => scalar $cgi->param('description'),
- filename => $cgi->param('attach_text') ? "file_$id.txt" : scalar $cgi->upload('data'),
+ filename => $attach_text ? "file_$id.txt" : $data_fh,
ispatch => scalar $cgi->param('ispatch'),
isprivate => scalar $cgi->param('isprivate'),
mimetype => $content_type,
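Review bot: `description`, `ispatch` and `isprivate` are all forced to scalar here, but `$id` (in `"file_$id.txt"`) and `$content_type` (in `mimetype =>`) are assigned outside the hunk, so this review cannot see whether they came from `$cgi->param` in scalar context; if either was read via a list assignment or passed through a list, the same hash-injection the commit closes survives on this call. Also, `filename => $data_fh` hands `create()` the upload handle, which stringifies to the client-chosen filename; that is only safe if `Bugzilla::Attachment->create` strips path components and validates it, which the hunk does not show — a comment such as `# $data_fh stringifies to the client-supplied filename; create() is expected to sanitise it` would make that dependency explicit. The `create()` argument list continues beyond the hunk.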