author | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:46:03 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:46:03 +0200 |
commit | 36e4d1fddb336e0ebfb61e0b7870e2b60c666ef5 (patch) | |
tree | 0cdfbda05f2324575d3da845be7d1d1c10d0bc4d | |
parent | e002b3fdae068007cfe20c0ae6f598489161ea48 (diff) | |
Bug 677187: If the attachment filename contains a newline, an error is thrown when trying to download the attachment
r/a=mkanat
-rw-r--r-- | Bugzilla/Attachment.pm | 10 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
2 files changed, 10 insertions, 5 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index 7cd350dde..a39dc3af4 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -518,9 +518,13 @@ sub _check_content_type {
 my $is_patch = ref($invocant) ? $invocant->ispatch : $params->{ispatch};
 $content_type = 'text/plain' if $is_patch;
- $content_type = trim($content_type);
+ $content_type = clean_text($content_type);
+ # The subsets below cover all existing MIME types and charsets registered by IANA.
+ # (MIME type: RFC 2045 section 5.1; charset: RFC 2278 section 3.3)
 my $legal_types = join('|', LEGAL_CONTENT_TYPES);
- if (!$content_type or $content_type !~ /^($legal_types)\/.+$/) {
+ if (!$content_type
+ || $content_type !~ /^($legal_types)\/[a-z0-9_\-\+\.]+(;\s*charset=[a-z0-9_\-\+]+)?$/i)
+ {
 ThrowUserError("invalid_content_type", { contenttype => $content_type });
 }
 trick_taint($content_type);
@@ -560,7 +564,7 @@ sub _check_description {
 sub _check_filename {
 my ($invocant, $filename) = @_;
- $filename = trim($filename);
+ $filename = clean_text($filename);
 $filename || ThrowUserError('file_not_specified');
 # Remove path info (if any) from the file name. The browser should do this
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index af2fc7b36..5af39dc80 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
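Review bot: The new pattern in `_check_content_type` is anchored with `^` and `$`, and in Perl `$` also matches just before a trailing newline, so the regex on its own would still accept a value ending in a newline; that stays harmless only as long as `clean_text()` (not shown in this hunk) strips it first. Anchoring with `\A` and `\z` makes the check hold by itself: `|| $content_type !~ /\A($legal_types)\/[a-z0-9_\-\+\.]+(;\s*charset=[a-z0-9_\-\+]+)?\z/i)`. The added comment also claims more than the pattern delivers: IANA charset names such as `ANSI_X3.4-1968` or `ISO_8859-1:1987` contain `.` or `:`, which the charset class rejects, and any parameter other than `charset` is refused, so the comment should say that these are deliberately excluded. The function begins and ends outside the hunk.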
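Review bot: `_check_filename` switches from `trim()` to `clean_text()` without a comment saying why, and the reason is security-relevant: the commit title says a newline in the filename breaks the download, presumably because the name is sent back in a response header. A one-line comment would keep a later cleanup from reverting it: `# clean_text(), not trim(): the name is sent back in a response header, so control characters must not survive.` The check also covers new input only; the diffstat shows no change to the download path, so filenames stored before this commit would presumably still carry the newline and need the same cleaning at output or a one-off migration. The function continues past the end of the hunk.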
@@ -927,8 +927,9 @@ [% title = "Invalid Content-Type" %] The content type <em>[% contenttype FILTER html %]</em> is invalid. Valid types must be of the form <em>foo/bar</em> where <em>foo</em> - is one of <em>[% constants.LEGAL_CONTENT_TYPES.join(', ') FILTER html %]</em>. - + is one of <em>[% constants.LEGAL_CONTENT_TYPES.join(', ') FILTER html %]</em> + and <em>bar</em> must not contain any special characters (such as "=", "?", ...). + [% ELSIF error == "invalid_context" %] [% title = "Invalid Context" %] The context [% context FILTER html %] is invalid (must be a number, |
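Review bot: The new wording tells the user that <em>bar</em> must not contain characters such as "=", yet the validator changed in Bugzilla/Attachment.pm in this same commit accepts an optional `; charset=...` suffix, which contains one. Saying so in the message, for example `... (such as "=", "?", ...), optionally followed by <em>; charset=name</em>.`, would keep the error text in line with what is actually accepted.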