author | Dylan William Hardison <dylan@hardison.net> | 2018-02-16 11:37:21 -0500 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2018-02-16 11:37:21 -0500 |
commit | 7b7a210cd57140e85c36c9c5bfed35389f7952d5 (patch) | |
tree | 187cf4086d6dcd21ae89c4aa584c7802ace3119f /attachment.cgi | |
parent | Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1427623 by setting (#57) (diff) | |
Bug 1433400 (CVE-2018-5123) Prevent cross-site image requests from leaking contents of certain fields due to regex search
r=jfearn,a=dylan
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/attachment.cgi b/attachment.cgi index 40b0c9d3a..4cd9229fb 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -35,6 +35,7 @@ use Encode::MIME::Header; # Required to alter Encode::Encoding{'MIME-Q'}. local our $cgi = Bugzilla->cgi; local our $template = Bugzilla->template; local our $vars = {}; +local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1; # All calls to this script should contain an "action" variable whose # value determines what the user wants to do. The code below checks |
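Review bot: the added `local $Bugzilla::CGI::ALLOW_UNSAFE_RESPONSE = 1;` has no comment saying why attachment.cgi is exempt, and it sits at file scope, ahead of the "action" dispatch described in the comment just below it, so it applies to every action this script handles. Going by the variable's name and the commit subject, this opts the whole script out of the new cross-site response protection. Please add a one-line comment stating which actions need to be answerable cross-site and why. If only some of them do, set the flag with `local` inside those handlers rather than once for the whole script, so that any action added to this file later is not exempted by default.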