Bug 664100 - sanitize function not complete
Status: RESOLVED INVALID (Closed)
Product / Component: Tree Management Graveyard :: TBPL (defect)
Opened 13 years ago; Closed 13 years ago
Reporter: rforbes; Assignee: Unassigned
Whiteboard: [infrasec:input][ws:high]
issue
------
Data is being inserted into Bugzilla without any validation.
Code Examples
--------------
file submitBugzillaComment.php
function sanitize($str) {
    // Remove UTF-8 non-breaking space character sequences (0xc2a0), and
    // replace them with normal spaces.
    return str_replace(chr(0xc2) . chr(0xa0), ' ', $str);
}
suggested remediation
---------------------
All data should be validated before being submitted to Bugzilla.
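Added example (not code from TBPL or from this bug): a Python port of the sanitize() function quoted above, run against constructed inputs to show exactly what it does and does not do. It normalizes the UTF-8 byte pair C2 A0 (U+00A0) to an ASCII space; on valid UTF-8 that byte-level replacement is equivalent to replacing the code point, because 0xC2 only ever starts a two-byte sequence and 0xA0 is only ever a continuation byte, so the pair cannot straddle two other characters. It leaves other Unicode spaces, markup and control bytes untouched, i.e. it is a normalization step, not validation, and it will also rewrite the same two bytes in non-UTF-8 input (Latin-1 "Â" followed by NBSP). All sample strings are made up for illustration.

```python
# Added example (not from TBPL or this bug): a Python port of sanitize() from
# submitBugzillaComment.php, with checks on constructed inputs. Every sample
# string below is made up for illustration.

NBSP_UTF8 = b"\xc2\xa0"  # UTF-8 encoding of U+00A0 NO-BREAK SPACE


def sanitize(data: bytes) -> bytes:
    """Byte-for-byte port of the PHP function. PHP strings are byte strings,
    so str_replace(chr(0xc2) . chr(0xa0), ' ', $str) replaces the two-byte
    sequence C2 A0 wherever it occurs, with no decoding step."""
    return data.replace(NBSP_UTF8, b" ")


def matches_codepoint_replace(text: str) -> bool:
    """On valid UTF-8 the byte-level replacement equals replacing U+00A0 as a
    code point: 0xC2 is only ever a two-byte lead byte and 0xA0 only ever a
    continuation byte, so C2 A0 cannot straddle two other characters."""
    return sanitize(text.encode("utf-8")) == text.replace("\u00a0", " ").encode("utf-8")


def untouched(data: bytes) -> bool:
    """True when sanitize() returns its input unchanged."""
    return sanitize(data) == data


# Constructed inputs (not real TBPL or Bugzilla data).
VALID_UTF8_SAMPLES = [
    "foo\u00a0bar",       # plain NBSP between words
    "\u00a0\u00a0lead",   # adjacent NBSPs
    "\u0800x",            # U+0800 encodes as E0 A0 80: contains A0, but no C2 before it
    "\u00c2\u00a0",       # U+00C2 ('A with circumflex', C3 82) followed by NBSP (C2 A0)
    "r\u00e9sum\u00e9",   # multi-byte text with no NBSP at all
]

# In Latin-1, 'A with circumflex' is 0xC2 and NBSP is 0xA0, so this is also C2 A0.
LATIN1_SAMPLE = "\u00c2\u00a0".encode("latin-1")

PASSTHROUGH_SAMPLES = [
    "a\u202fb".encode("utf-8"),  # U+202F NARROW NO-BREAK SPACE is not touched
    "a\u3000b".encode("utf-8"),  # U+3000 IDEOGRAPHIC SPACE is not touched
    b"<b>bold</b> &amp; co",     # markup passes through: normalization, not validation
    b"x\x00y\r\n",               # control bytes pass through as well
]


def main() -> None:
    for s in VALID_UTF8_SAMPLES:
        print(f"{s!r:24} byte-level == code-point-level: {matches_codepoint_replace(s)}")
    print("Latin-1 sample (same bytes C2 A0) is rewritten:", not untouched(LATIN1_SAMPLE))
    for b in PASSTHROUGH_SAMPLES:
        print(f"{b!r:32} untouched: {untouched(b)}")


if __name__ == "__main__":
    main()
```

The byte-level approach is sound as long as the input really is UTF-8; the Latin-1 case shows the one situation where the same two bytes mean something else and would still be rewritten.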
Comment 1 • 13 years ago
What other validation do you want to see here, specifically?
We should be able to deal with all kinds of strings here. The Bugzilla API we're using is public, so any validation will have to happen on Bugzilla's side anyway, so I'm not sure that we need to do anything.
Comment 2 (Reporter) • 13 years ago
Sorry, I am still somewhat new to Bugzilla. This is an accepted use case, so I will close this bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Comment 3 • 13 years ago
OK.
Raymond, can you make this bug public, please? I don't have the rights to do that. (Just uncheck the checkbox labeled "Security-Sensitive Webtools Bug" next to the attachments table.)
Updated • 13 years ago
Group: webtools-security
Updated • 10 years ago
Product: Webtools → Tree Management
Updated • 10 years ago
Product: Tree Management → Tree Management Graveyard