authorReed Loden <reed@reedloden.com>2011-01-24 10:15:04 -0800
committerReed Loden <reed@reedloden.com>2011-01-24 10:15:04 -0800
commit777d754f30dfc0c70806f8e8aa2808dfd5818b9a (patch)
tree558d1e0379b4d25328907a3b64cbfa83b6251e19
parentBug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection (diff)
Bug 621572: (CVE-2010-4572) [SECURITY] chart.cgi vulnerable to header-injection due to use of |print "Location:"| instead of $cgi->redirect
[r=mkanat a=LpSolit]
-rwxr-xr-xchart.cgi6
1 files changed, 3 insertions, 3 deletions
diff --git a/chart.cgi b/chart.cgi
index 61745ab77..e8e927195 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -65,8 +65,8 @@ local our $vars = {};
# Go back to query.cgi if we are adding a boolean chart parameter.
if (grep(/^cmd-/, $cgi->param())) {
my $params = $cgi->canonicalise_query("format", "ctype", "action");
- print "Location: query.cgi?format=" . $cgi->param('query_format') .
- ($params ? "&$params" : "") . "\n\n";
+ print $cgi->redirect("query.cgi?format=" . $cgi->param('query_format') .
+ ($params ? "&$params" : ""));
exit;
}
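Review bot: On the new `print $cgi->redirect(...)` line, `$cgi->param('query_format')` is still concatenated raw into the Location URL; switching to `redirect` only neutralises CR/LF if the underlying `header()` refuses them (stock CGI.pm does so from 3.50, and Bugzilla::CGI may override `header`/`redirect` — neither is visible here), and it does nothing about `&`, `#` or whitespace in the value splitting the query string. URL-encode the value before concatenation, e.g. `my $format = CGI::escape($cgi->param('query_format') || '');` followed by `print $cgi->redirect("query.cgi?format=$format" . ($params ? "&$params" : ""));`. The `|| ''` also avoids an uninitialized-value warning when `query_format` is absent, which the original code would have emitted too. `query_format` is not in the exclusion list passed to `canonicalise_query`, so it presumably appears a second time inside `$params`; a one-line comment noting that would help the next reader.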
@@ -89,7 +89,7 @@ $action ||= "assemble";
# Go to buglist.cgi if we are doing a search.
if ($action eq "search") {
my $params = $cgi->canonicalise_query("format", "ctype", "action");
- print "Location: buglist.cgi" . ($params ? "?$params" : "") . "\n\n";
+ print $cgi->redirect("buglist.cgi" . ($params ? "?$params" : ""));
exit;
}
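Review bot: The fix in this hunk (and the one above) is only effective because `CGI::redirect` routes the URL through `header()`, which rejects embedded CR/LF in stock CGI.pm from version 3.50 onwards; nothing in this diff raises Bugzilla's minimum CGI.pm version or shows Bugzilla::CGI sanitising header values itself, so the dependency should be pinned in the same change or at least recorded. A comment above the redirect such as `# $cgi->redirect() sends the URL through CGI::header(), which (CGI.pm >= 3.50) refuses CR/LF; never print "Location:" by hand here` would make the security intent explicit and discourage regressions. `$params` comes from `canonicalise_query`, which presumably already URL-encodes, so the remaining exposure in this hunk is likely only on older CGI.pm — worth confirming against the version requirement.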