author | Dylan William Hardison <dylan@hardison.net> | 2017-05-02 01:27:04 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2017-05-02 01:27:22 +0200 |
commit | e6423e215ca33695d93dcae2a9151b064052f145 (patch) | |
tree | 2fe1563c40e77b053b373cf51d4c72f08d5901b1 | |
parent | dd4b9121d8b3703ac601d88ff5a7d2977ed3600c (diff) | |
download | bugzilla-e6423e215ca33695d93dcae2a9151b064052f145.tar.gz bugzilla-e6423e215ca33695d93dcae2a9151b064052f145.tar.xz |
Bug 1312735 - allow http auth delegation callbacks based on environmental variable
-rwxr-xr-x | auth.cgi | 8 | ||||
-rw-r--r-- | heartbeat.cgi | 1 |
2 files changed, 8 insertions, 1 deletions
@@ -43,8 +43,14 @@ ThrowUserError("auth_delegation_invalid_description")
 unless $description =~ /^[\w\s]{3,255}$/;
 my $callback_uri = URI->new($callback);
+
+my $legal_protocol
+ = $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}
+ ? qr/^https?$/i # http or https
+ : qr/^https$/i; # https only
+
 ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme })
- unless $callback_uri->scheme eq 'https';
+ unless $callback_uri->scheme =~ $legal_protocol;
 my $callback_base = $callback_uri->clone;
 $callback_base->query(undef);
diff --git a/heartbeat.cgi b/heartbeat.cgi
index 47f3d59a2..e26dfe6ba 100644
--- a/heartbeat.cgi
+++ b/heartbeat.cgi
@@ -29,6 +29,7 @@ my $ok = eval {
 die "database not available" unless $database_ok;
 die "memcached server(s) not available" unless $memcached_ok;
 die "mod_perl not configured?" unless $ENV{MOD_PERL};
+ die "BUGZILLA_UNSAFE_AUTH_DELEGATION" if $ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION};
 1;
 };
 warn "heartbeat error: $@" if !$ok && $@;
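Review bot: The new `$legal_protocol` selector in the auth.cgi hunk tests `$ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION}` for Perl truthiness, so any non-empty value other than `0` (including `false` or `no`) permits plaintext `http` callbacks for auth delegation; because this widens what `auth_delegation_illegal_protocol` previously rejected, an explicit opt-in such as `= ($ENV{BUGZILLA_UNSAFE_AUTH_DELEGATION} // '') eq '1'` would be safer, and a comment above it should state that the variable is a development-only override which the heartbeat.cgi hunk deliberately reports as a failure. The `^`/`$` anchors in `qr/^https?$/i` also admit a trailing newline; `qr/\Ahttps?\z/i` expresses the intended full-string match, though a value from URI's `scheme` is unlikely to contain one. In the heartbeat.cgi hunk the message `die "BUGZILLA_UNSAFE_AUTH_DELEGATION"` gives the operator no verb, so `die "BUGZILLA_UNSAFE_AUTH_DELEGATION is set"` reads better inside the `heartbeat error:` warning. The `eval` block holding that check begins before the hunk, and the auth.cgi script code continues past its hunk.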