diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:27:01 +0000 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-10-06 14:27:01 +0000 |
commit | 7b8e0ab40feb210cca2bbe9c83e94bde8b36dec5 (patch) | |
tree | 7eb32d7e6af4f0d57bf0e4cccb35de70177bd6d3 /attachment.cgi | |
parent | Bug 1072490: Release notes for 4.4.6 (diff) | |
download | bugzilla-7b8e0ab40feb210cca2bbe9c83e94bde8b36dec5.tar.gz bugzilla-7b8e0ab40feb210cca2bbe9c83e94bde8b36dec5.tar.bz2 bugzilla-7b8e0ab40feb210cca2bbe9c83e94bde8b36dec5.zip |
Bug 1075578: [SECURITY] Improper filtering of CGI arguments
r=dkl,a=sgreen
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/attachment.cgi b/attachment.cgi index f728db484..7db8015a0 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -205,8 +205,9 @@ sub validateContext { my $context = $cgi->param('context') || "patch"; if ($context ne "file" && $context ne "patch") { - detaint_natural($context) - || ThrowUserError("invalid_context", { context => $cgi->param('context') }); + my $orig_context = $context; + detaint_natural($context) + || ThrowUserError("invalid_context", { context => $orig_context }); } return $context; @@ -524,13 +525,14 @@ sub insert { # Get the filehandle of the attachment. my $data_fh = $cgi->upload('data'); + my $attach_text = $cgi->param('attach_text'); my $attachment = Bugzilla::Attachment->create( {bug => $bug, creation_ts => $timestamp, - data => scalar $cgi->param('attach_text') || $data_fh, + data => $attach_text || $data_fh, description => scalar $cgi->param('description'), - filename => $cgi->param('attach_text') ? "file_$bugid.txt" : scalar $cgi->upload('data'), + filename => $attach_text ? "file_$bugid.txt" : $data_fh, ispatch => scalar $cgi->param('ispatch'), isprivate => scalar $cgi->param('isprivate'), mimetype => $content_type, |