~hexmode/+junk/bugzilla4


Viewing changes to Bugzilla/Attachment/PatchReader.pm

  • Committer: Frédéric Buclin
  • Author(s): Byron Jones
  • Date: 2011-08-04 20:35:37 UTC
  • Revision ID: lpsolit@gmail.com-20110804203537-h8ddyzqplykevcv6
Bug 637981: (CVE-2011-2379) [SECURITY] "Raw Unified" patch diffs can cause XSS on this domain in IE 6-8 and Safari
r/a=LpSolit

37
37
        $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
38
38
        # Actually print out the patch.
39
39
        print $cgi->header(-type => 'text/plain',
 
40
                           -x_content_type_options => "nosniff",
40
41
                           -expires => '+3M');
41
42
        disable_utf8();
42
43
        $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
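Review bot: The added `-x_content_type_options => "nosniff"` line in this header call has no comment saying why it is there, so a later cleanup of the `print $cgi->header(...)` block could drop it without anyone noticing the security impact. Please add a short comment above it stating that the raw patch body is attacker-controlled attachment data served as text/plain and that the option stops browsers from sniffing it as HTML (bug 637981). The commit message names IE 6-8 and Safari, while this header only helps in browsers that honor X-Content-Type-Options, so it is also worth recording in the bug how the other listed browsers are covered, whether by another change in this revision or elsewhere.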
118
119
        $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
119
120
        # Actually print out the patch.
120
121
        print $cgi->header(-type => 'text/plain',
 
122
                           -x_content_type_options => "nosniff",
121
123
                           -expires => '+3M');
122
124
        disable_utf8();
123
125
    }
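Review bot: The header call here is a line-for-line copy of the one near line 39 (`-type => 'text/plain'`, `-x_content_type_options => "nosniff"`, `-expires => '+3M'`), so the fix has to be kept in sync in two places. Consider moving the raw-patch header into one small helper in this module that both call sites use, so that any future raw output path gets the nosniff option by default instead of relying on each copy being patched.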