Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page

Dylan Hardison · Dylan Hardison · commit 0b7cd97e2e75 · 2016-03-09T22:10:17.000-05:00
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
@@ -508,6 +508,7 @@ use constant contenttypes =>
    "csv"  => "text/csv" ,
    "png"  => "image/png" ,
    "ics"  => "text/calendar" ,
+   "txt"  => "text/plain",
   };
 
 # Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode.
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
@@ -144,7 +144,7 @@ sub get_format {
         'template'    => $template,
         'format'      => $format,
         'extension'   => $ctype,
-        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype}
+        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype} // 'application/octet-stream',
     };
 }
 

Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ sub get_format {`
`144`	`144`	`'template' => $template,`
`145`	`145`	`'format' => $format,`
`146`	`146`	`'extension' => $ctype,`
`147`		`- 'ctype' => Bugzilla::Constants::contenttypes->{$ctype}`
	`147`	`+ 'ctype' => Bugzilla::Constants::contenttypes->{$ctype} // 'application/octet-stream',`
`148`	`148`	`};`
`149`	`149`	`}`
`150`	`150`