Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 603416 Details for
Bug 847199
CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
CVE-2012-3464-3-0-escape_html.patch
CVE-2012-3464-3-0-escape_html.patch (text/plain), 20.91 KB, created by
Kurt Seifried
on 2012-08-10 05:13:40 UTC
(
hide
)
Description:
CVE-2012-3464-3-0-escape_html.patch
Filename:
MIME Type:
Creator:
Kurt Seifried
Created:
2012-08-10 05:13:40 UTC
Size:
20.91 KB
patch
obsolete
>From ac9844bb1a8dc5465ec3d6f9a746b3f34d9c29d4 Mon Sep 17 00:00:00 2001 >From: Aaron Patterson <aaron.patterson@gmail.com> >Date: Wed, 8 Aug 2012 11:05:31 -0700 >Subject: [PATCH] Squashed commit of the following: >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >commit 9ef905f19807c62fb549ae6fe3784be4bcda96dc >Author: Rafael Mendonça França <rafaelmfranca@gmail.com> >Date: Tue Aug 7 22:38:40 2012 -0300 > > Fix tests about single quote escaping > >commit 780a718723cf87b49cfe204d355948c4e0932d23 >Author: Santiago Pastorino <santiago@wyeworks.com> >Date: Tue Jul 31 22:25:54 2012 -0300 > > html_escape should escape single quotes > > https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content > Closes #7215 > > Conflicts: > actionpack/test/controller/new_base/render_template_test.rb > actionpack/test/template/asset_tag_helper_test.rb > actionpack/test/template/erb_util_test.rb > actionpack/test/template/javascript_helper_test.rb > actionpack/test/template/template_test.rb > activesupport/lib/active_support/core_ext/string/output_safety.rb > activesupport/test/core_ext/string_ext_test.rb > railties/test/application/assets_test.rb >--- > actionpack/test/controller/render_test.rb | 4 ++-- > actionpack/test/template/asset_tag_helper_test.rb | 23 ++++++++++++++++------ > actionpack/test/template/erb_util_test.rb | 10 +++++----- > .../test/template/form_options_helper_test.rb | 6 +++--- > actionpack/test/template/form_tag_helper_test.rb | 2 +- > actionpack/test/template/javascript_helper_test.rb | 10 +++++----- > actionpack/test/template/template_test.rb | 2 +- > actionpack/test/template/text_helper_test.rb | 2 +- > actionpack/test/template/url_helper_test.rb | 10 +++++----- > .../core_ext/string/output_safety.rb | 6 +++--- > activesupport/test/core_ext/string_ext_test.rb | 17 ++++++++++++++++ > 11 files changed, 60 insertions(+), 32 deletions(-) > >diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb >index 498931e..4d2a49d 100644 >--- a/actionpack/test/controller/render_test.rb >+++ b/actionpack/test/controller/render_test.rb >@@ -149,7 +149,7 @@ class TestController < ActionController::Base > > # :ported: > def render_text_hello_world_with_layout >- @variable_for_layout = ", I'm here!" >+ @variable_for_layout = ", I am here!" > render :text => "hello world", :layout => true > end > >@@ -776,7 +776,7 @@ class RenderTest < ActionController::TestCase > # :ported: > def test_do_with_render_text_and_layout > get :render_text_hello_world_with_layout >- assert_equal "<html>hello world, I'm here!</html>", @response.body >+ assert_equal "<html>hello world, I am here!</html>", @response.body > end > > # :ported: >diff --git a/actionpack/test/template/asset_tag_helper_test.rb b/actionpack/test/template/asset_tag_helper_test.rb >index 18ef85d..63e10be 100644 >--- a/actionpack/test/template/asset_tag_helper_test.rb >+++ b/actionpack/test/template/asset_tag_helper_test.rb >@@ -159,8 +159,9 @@ class AssetTagHelperTest < ActionView::TestCase > %(image_tag("slash..png")) => %(<img alt="Slash." src="/images/slash..png" />), > %(image_tag(".pdf.png")) => %(<img alt=".pdf" src="/images/.pdf.png" />), > %(image_tag("http://www.rubyonrails.com/images/rails.png")) => %(<img alt="Rails" src="http://www.rubyonrails.com/images/rails.png" />), >- %(image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) => %(<img alt="Mouse" onmouseover="this.src='/images/mouse_over.png'" onmouseout="this.src='/images/mouse.png'" src="/images/mouse.png" />), >- %(image_tag("mouse.png", :mouseover => image_path("mouse_over.png"))) => %(<img alt="Mouse" onmouseover="this.src='/images/mouse_over.png'" onmouseout="this.src='/images/mouse.png'" src="/images/mouse.png" />), >+ %(image_tag("//www.rubyonrails.com/images/rails.png")) => %(<img alt="Rails" src="//www.rubyonrails.com/images/rails.png" />), >+ %(image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) => %(<img alt="Mouse" onmouseover="this.src='/images/mouse_over.png'" onmouseout="this.src='/images/mouse.png'" src="/images/mouse.png" />), >+ %(image_tag("mouse.png", :mouseover => image_path("mouse_over.png"))) => %(<img alt="Mouse" onmouseover="this.src='/images/mouse_over.png'" onmouseout="this.src='/images/mouse.png'" src="/images/mouse.png" />), > %(image_tag("mouse.png", :alt => nil)) => %(<img src="/images/mouse.png" />) > } > >@@ -1007,8 +1008,8 @@ class AssetTagHelperNonVhostTest < ActionView::TestCase > assert_dom_equal(%(/collaboration/hieraki/javascripts/xmlhr.js), javascript_path("xmlhr")) > assert_dom_equal(%(/collaboration/hieraki/stylesheets/style.css), stylesheet_path("style")) > assert_dom_equal(%(/collaboration/hieraki/images/xml.png), image_path("xml.png")) >- assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='/collaboration/hieraki/images/mouse_over.png'" onmouseout="this.src='/collaboration/hieraki/images/mouse.png'" src="/collaboration/hieraki/images/mouse.png" />), image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) >- assert_dom_equal(%(<img alt="Mouse2" onmouseover="this.src='/collaboration/hieraki/images/mouse_over2.png'" onmouseout="this.src='/collaboration/hieraki/images/mouse2.png'" src="/collaboration/hieraki/images/mouse2.png" />), image_tag("mouse2.png", :mouseover => image_path("mouse_over2.png"))) >+ assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='/collaboration/hieraki/images/mouse_over.png'" onmouseout="this.src='/collaboration/hieraki/images/mouse.png'" src="/collaboration/hieraki/images/mouse.png" />), image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) >+ assert_dom_equal(%(<img alt="Mouse2" onmouseover="this.src='/collaboration/hieraki/images/mouse_over2.png'" onmouseout="this.src='/collaboration/hieraki/images/mouse2.png'" src="/collaboration/hieraki/images/mouse2.png" />), image_tag("mouse2.png", :mouseover => image_path("mouse_over2.png"))) > end > > def test_should_ignore_relative_root_path_on_complete_url >@@ -1021,8 +1022,18 @@ class AssetTagHelperNonVhostTest < ActionView::TestCase > assert_dom_equal(%(http://assets.example.com/collaboration/hieraki/javascripts/xmlhr.js), javascript_path("xmlhr")) > assert_dom_equal(%(http://assets.example.com/collaboration/hieraki/stylesheets/style.css), stylesheet_path("style")) > assert_dom_equal(%(http://assets.example.com/collaboration/hieraki/images/xml.png), image_path("xml.png")) >- assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='http://assets.example.com/collaboration/hieraki/images/mouse_over.png'" onmouseout="this.src='http://assets.example.com/collaboration/hieraki/images/mouse.png'" src="http://assets.example.com/collaboration/hieraki/images/mouse.png" />), image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) >- assert_dom_equal(%(<img alt="Mouse2" onmouseover="this.src='http://assets.example.com/collaboration/hieraki/images/mouse_over2.png'" onmouseout="this.src='http://assets.example.com/collaboration/hieraki/images/mouse2.png'" src="http://assets.example.com/collaboration/hieraki/images/mouse2.png" />), image_tag("mouse2.png", :mouseover => image_path("mouse_over2.png"))) >+ assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='http://assets.example.com/collaboration/hieraki/images/mouse_over.png'" onmouseout="this.src='http://assets.example.com/collaboration/hieraki/images/mouse.png'" src="http://assets.example.com/collaboration/hieraki/images/mouse.png" />), image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) >+ assert_dom_equal(%(<img alt="Mouse2" onmouseover="this.src='http://assets.example.com/collaboration/hieraki/images/mouse_over2.png'" onmouseout="this.src='http://assets.example.com/collaboration/hieraki/images/mouse2.png'" src="http://assets.example.com/collaboration/hieraki/images/mouse2.png" />), image_tag("mouse2.png", :mouseover => image_path("mouse_over2.png"))) >+ end >+ >+ def test_should_compute_proper_path_with_asset_host_and_default_protocol >+ @controller.config.asset_host = "assets.example.com" >+ @controller.config.default_asset_host_protocol = :request >+ assert_dom_equal(%(gopher://assets.example.com/collaboration/hieraki/javascripts/xmlhr.js), javascript_path("xmlhr")) >+ assert_dom_equal(%(gopher://assets.example.com/collaboration/hieraki/stylesheets/style.css), stylesheet_path("style")) >+ assert_dom_equal(%(gopher://assets.example.com/collaboration/hieraki/images/xml.png), image_path("xml.png")) >+ assert_dom_equal(%(<img alt="Mouse" onmouseover="this.src='gopher://assets.example.com/collaboration/hieraki/images/mouse_over.png'" onmouseout="this.src='gopher://assets.example.com/collaboration/hieraki/images/mouse.png'" src="gopher://assets.example.com/collaboration/hieraki/images/mouse.png" />), image_tag("mouse.png", :mouseover => "/images/mouse_over.png")) >+ assert_dom_equal(%(<img alt="Mouse2" onmouseover="this.src='gopher://assets.example.com/collaboration/hieraki/images/mouse_over2.png'" onmouseout="this.src='gopher://assets.example.com/collaboration/hieraki/images/mouse2.png'" src="gopher://assets.example.com/collaboration/hieraki/images/mouse2.png" />), image_tag("mouse2.png", :mouseover => image_path("mouse_over2.png"))) > end > > def test_should_ignore_asset_host_on_complete_url >diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb >index fc20b50..1fc4b84 100644 >--- a/actionpack/test/template/erb_util_test.rb >+++ b/actionpack/test/template/erb_util_test.rb >@@ -7,11 +7,11 @@ class ErbUtilTest < Test::Unit::TestCase > define_method "test_html_escape_#{expected.gsub(/\W/, '')}" do > assert_equal expected, html_escape(given) > end >+ end > >- unless given == '"' >- define_method "test_json_escape_#{expected.gsub(/\W/, '')}" do >- assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given) >- end >+ ERB::Util::JSON_ESCAPE.each do |given, expected| >+ define_method "test_json_escape_#{expected.gsub(/\W/, '')}" do >+ assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given) > end > end > >@@ -39,7 +39,7 @@ class ErbUtilTest < Test::Unit::TestCase > > def test_rest_in_ascii > (0..127).to_a.map {|int| int.chr }.each do |chr| >- next if %w(& " < >).include?(chr) >+ next if %w(& " < > ').include?(chr) > assert_equal chr, html_escape(chr) > end > end >diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb >index b85e917..9b6a8bf 100644 >--- a/actionpack/test/template/form_options_helper_test.rb >+++ b/actionpack/test/template/form_options_helper_test.rb >@@ -887,7 +887,7 @@ class FormOptionsHelperTest < ActionView::TestCase > > def test_options_for_select_with_element_attributes > assert_dom_equal( >- "<option value=\"<Denmark>\" class=\"bold\"><Denmark></option>\n<option value=\"USA\" onclick=\"alert('Hello World');\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>", >+ "<option value=\"<Denmark>\" class=\"bold\"><Denmark></option>\n<option value=\"USA\" onclick=\"alert('Hello World');\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>", > options_for_select([ [ "<Denmark>", { :class => 'bold' } ], [ "USA", { :onclick => "alert('Hello World');" } ], [ "Sweden" ], "Germany" ]) > ) > end >@@ -923,13 +923,13 @@ class FormOptionsHelperTest < ActionView::TestCase > def test_option_html_attributes_with_multiple_element_hash > output = option_html_attributes([ 'foo', 'bar', { :class => 'fancy', 'onclick' => "alert('Hello World');" } ]) > assert output.include?(" class=\"fancy\"") >- assert output.include?(" onclick=\"alert('Hello World');\"") >+ assert output.include?(" onclick=\"alert('Hello World');\"") > end > > def test_option_html_attributes_with_multiple_hashes > output = option_html_attributes([ 'foo', 'bar', { :class => 'fancy' }, { 'onclick' => "alert('Hello World');" } ]) > assert output.include?(" class=\"fancy\"") >- assert output.include?(" onclick=\"alert('Hello World');\"") >+ assert output.include?(" onclick=\"alert('Hello World');\"") > end > > def test_option_html_attributes_with_special_characters >diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb >index 532f086..3c94c7a 100644 >--- a/actionpack/test/template/form_tag_helper_test.rb >+++ b/actionpack/test/template/form_tag_helper_test.rb >@@ -361,7 +361,7 @@ class FormTagHelperTest < ActionView::TestCase > > def test_submit_tag > assert_dom_equal( >- %(<input name='commit' data-disable-with="Saving..." onclick="alert('hello!')" type="submit" value="Save" />), >+ %(<input name='commit' data-disable-with="Saving..." onclick="alert('hello!')" type="submit" value="Save" />), > submit_tag("Save", :disable_with => "Saving...", :onclick => "alert('hello!')") > ) > end >diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb >index ba9ab89..47109f4 100644 >--- a/actionpack/test/template/javascript_helper_test.rb >+++ b/actionpack/test/template/javascript_helper_test.rb >@@ -41,7 +41,7 @@ class JavaScriptHelperTest < ActionView::TestCase > end > > def test_button_to_function >- assert_dom_equal %(<input type="button" onclick="alert('Hello world!');" value="Greeting" />), >+ assert_dom_equal %(<input type="button" onclick="alert('Hello world!');" value="Greeting" />), > button_to_function("Greeting", "alert('Hello world!')") > end > >@@ -60,7 +60,7 @@ class JavaScriptHelperTest < ActionView::TestCase > end > > def test_button_to_function_with_onclick >- assert_dom_equal "<input onclick=\"alert('Goodbye World :('); alert('Hello world!');\" type=\"button\" value=\"Greeting\" />", >+ assert_dom_equal "<input onclick=\"alert('Goodbye World :('); alert('Hello world!');\" type=\"button\" value=\"Greeting\" />", > button_to_function("Greeting", "alert('Hello world!')", :onclick => "alert('Goodbye World :(')") > end > >@@ -70,12 +70,12 @@ class JavaScriptHelperTest < ActionView::TestCase > end > > def test_link_to_function >- assert_dom_equal %(<a href="#" onclick="alert('Hello world!'); return false;">Greeting</a>), >+ assert_dom_equal %(<a href="#" onclick="alert('Hello world!'); return false;">Greeting</a>), > link_to_function("Greeting", "alert('Hello world!')") > end > > def test_link_to_function_with_existing_onclick >- assert_dom_equal %(<a href="#" onclick="confirm('Sanity!'); alert('Hello world!'); return false;">Greeting</a>), >+ assert_dom_equal %(<a href="#" onclick="confirm('Sanity!'); alert('Hello world!'); return false;">Greeting</a>), > link_to_function("Greeting", "alert('Hello world!')", :onclick => "confirm('Sanity!')") > end > >@@ -94,7 +94,7 @@ class JavaScriptHelperTest < ActionView::TestCase > end > > def test_link_to_function_with_href >- assert_dom_equal %(<a href="http://example.com/" onclick="alert('Hello world!'); return false;">Greeting</a>), >+ assert_dom_equal %(<a href="http://example.com/" onclick="alert('Hello world!'); return false;">Greeting</a>), > link_to_function("Greeting", "alert('Hello world!')", :href => 'http://example.com/') > end > >diff --git a/actionpack/test/template/template_test.rb b/actionpack/test/template/template_test.rb >index c37ed9c..8d766c6 100644 >--- a/actionpack/test/template/template_test.rb >+++ b/actionpack/test/template/template_test.rb >@@ -50,7 +50,7 @@ class TestERBTemplate < ActiveSupport::TestCase > > def test_locals > @template = new_template("<%= my_local %>") >- assert_equal "I'm a local", render(:my_local => "I'm a local") >+ assert_equal "I am a local", render(:my_local => "I am a local") > end > > def test_restores_buffer >diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb >index 9795a3f..acd6097 100644 >--- a/actionpack/test/template/text_helper_test.rb >+++ b/actionpack/test/template/text_helper_test.rb >@@ -305,7 +305,7 @@ class TextHelperTest < ActionView::TestCase > http://en.wikipedia.org/wiki/Wikipedia:Today%27s_featured_picture_%28animation%29/January_20%2C_2007 > http://www.mail-archive.com/rails@lists.rubyonrails.org/ > http://www.amazon.com/Testing-Equal-Sign-In-Path/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1198861734&sr=8-1 >- http://en.wikipedia.org/wiki/Texas_hold'em >+ http://en.wikipedia.org/wiki/Texas_hold > https://www.google.com/doku.php?id=gps:resource:scs:start > http://connect.oraclecorp.com/search?search[q]=green+france&search[type]=Group > http://of.openfoundry.org/projects/492/download#4th.Release.3 >diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb >index f68af93..30e1269 100644 >--- a/actionpack/test/template/url_helper_test.rb >+++ b/actionpack/test/template/url_helper_test.rb >@@ -188,7 +188,7 @@ class UrlHelperTest < ActiveSupport::TestCase > > def test_link_tag_with_custom_onclick > link = link_to("Hello", "http://www.example.com", :onclick => "alert('yay!')") >- expected = %{<a href="http://www.example.com" onclick="alert('yay!')">Hello</a>} >+ expected = %{<a href="http://www.example.com" onclick="alert('yay!')">Hello</a>} > assert_dom_equal expected, link > end > >@@ -198,12 +198,12 @@ class UrlHelperTest < ActiveSupport::TestCase > link_to("Hello", "http://www.example.com", :confirm => "Are you sure?") > ) > assert_dom_equal( >- "<a href=\"http://www.example.com\" data-confirm=\"You can't possibly be sure, can you?\">Hello</a>", >- link_to("Hello", "http://www.example.com", :confirm => "You can't possibly be sure, can you?") >+ "<a href=\"http://www.example.com\" data-confirm=\"You cant possibly be sure, can you?\">Hello</a>", >+ link_to("Hello", "http://www.example.com", :confirm => "You cant possibly be sure, can you?") > ) > assert_dom_equal( >- "<a href=\"http://www.example.com\" data-confirm=\"You can't possibly be sure,\n can you?\">Hello</a>", >- link_to("Hello", "http://www.example.com", :confirm => "You can't possibly be sure,\n can you?") >+ "<a href=\"http://www.example.com\" data-confirm=\"You cant possibly be sure,\n can you?\">Hello</a>", >+ link_to("Hello", "http://www.example.com", :confirm => "You cant possibly be sure,\n can you?") > ) > end > >diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb >index 0358873..b25592a 100644 >--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb >+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb >@@ -3,13 +3,13 @@ require 'active_support/core_ext/kernel/singleton_class' > > class ERB > module Util >- HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } >+ HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } > JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } > > # A utility method for escaping HTML tag characters. > # This method is also aliased as <tt>h</tt>. > # >- # In your ERb templates, use this method to escape any unsafe content. For example: >+ # In your ERB templates, use this method to escape any unsafe content. For example: > # <%=h @person.name %> > # > # ==== Example: >@@ -20,7 +20,7 @@ class ERB > if s.html_safe? > s > else >- s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<").html_safe >+ s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe > end > end > >diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb >index 8f07cd1..be9a41b 100644 >--- a/activesupport/test/core_ext/string_ext_test.rb >+++ b/activesupport/test/core_ext/string_ext_test.rb >@@ -527,6 +527,23 @@ class OutputSafetyTest < ActiveSupport::TestCase > assert string.html_safe? > assert !string.to_param.html_safe? > end >+ >+ test "ERB::Util.html_escape should escape unsafe characters" do >+ string = '<>&"\'' >+ expected = '<>&"'' >+ assert_equal expected, ERB::Util.html_escape(string) >+ end >+ >+ test "ERB::Util.html_escape should correctly handle invalid UTF-8 strings" do >+ string = [192, 60].pack('CC') >+ expected = 192.chr + "<" >+ assert_equal expected, ERB::Util.html_escape(string) >+ end >+ >+ test "ERB::Util.html_escape should not escape safe strings" do >+ string = "<b>hello</b>".html_safe >+ assert_equal string, ERB::Util.html_escape(string) >+ end > end > > class StringExcludeTest < ActiveSupport::TestCase >-- >1.7.11.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 847199
: 603416 |
603417
|
603418
|
603419