+2013-03-08 David Kilzer <ddkilzer@apple.com>
+
+ (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format
+ <https://bugzilla.mozilla.org/show_bug.cgi?id=842038>
+ <exp2://Ticket/14465628>
+
+ Applied "patch for 3.6 and 4.0, v1" to bugs.webkit.org.
+
+ * Bugzilla/Template.pm:
+ (get_format):
+ * show_bug.cgi:
+
2013-02-01 Nathan de Vries <ndevries@apple.com>
Allow prettify.rb to be run from any directory, and don't hard-code the system ruby path
my $user = Bugzilla->login();
+my $format = $template->get_format("bug/show", scalar $cgi->param('format'),
+ scalar $cgi->param('ctype'));
+
# Editable, 'single' HTML bugs are treated slightly specially in a few places
-my $single = !$cgi->param('format')
- && (!$cgi->param('ctype') || $cgi->param('ctype') eq 'html');
+my $single = !$format->{format} && $format->{extension} eq 'html';
# If we don't have an ID, _AND_ we're only doing a single bug, then prompt
if (!$cgi->param('id') && $single) {
exit;
}
-my $format = $template->get_format("bug/show", scalar $cgi->param('format'),
- scalar $cgi->param('ctype'));
-
my @bugs = ();
my %marks;
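Review bot: The rewritten test `my $single = !$format->{format} && $format->{extension} eq 'html';` depends on get_format() returning a `format` key and a defined `extension`; the Bugzilla/Template.pm (get_format) change is listed in the ChangeLog but not shown on this page, so confirm both are always set — an absent `format` key makes `!$format->{format}` unconditionally true, and an undefined `extension` makes `eq` warn under `use warnings`. The ordering is now what carries the fix: get_format() has to run before `$single` and before the `$cgi->header($format->{'ctype'})` call further down so that only the vetted format/ctype values influence output, but nothing in the hunk says so. A short comment above the moved call would keep a later refactor from pushing it back below the id-less prompt, e.g. `# Resolve and validate format/ctype first; everything below must use these vetted values, not the raw params.` The surrounding script continues outside the hunk.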
print $cgi->header($format->{'ctype'});
-$template->process("$format->{'template'}", $vars)
+$template->process($format->{'template'}, $vars)
|| ThrowTemplateError($template->error());