authorDylan Hardison <dylan@mozilla.com>2016-03-10 04:09:53 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-10 04:10:17 +0100
commit0b7cd97e2e75eabee69d663530912e57dd715213 (patch)
treede474aff1ed48f093fbd7f902f8bd0436d6e8ee9
parent6ec9ecf4f2c1fb32ffabc9758672317ff8847fee (diff)
Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page
-rw-r--r--Bugzilla/Constants.pm1
-rw-r--r--Bugzilla/Template.pm2
2 files changed, 2 insertions, 1 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index cfa2be909..5f41cd3f6 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -508,6 +508,7 @@ use constant contenttypes =>
"csv" => "text/csv" ,
"png" => "image/png" ,
"ics" => "text/calendar" ,
+ "txt" => "text/plain",
};
# Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode.
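Review bot: Mapping `"txt"` to `text/plain` only prevents script execution if the browser honours the declared type, so it is worth confirming that responses also carry `X-Content-Type-Options: nosniff`; header handling is not visible in this hunk. As a style point, the new entry is written `"txt" => "text/plain",` while its neighbours put a space before the comma (`"ics" => "text/calendar" ,`), so matching them keeps the table uniform. A short comment such as `# plain-text templates echo user input unescaped; never serve them as HTML` would record why the entry exists.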
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 076e654cb..56ebd9c21 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -144,7 +144,7 @@ sub get_format {
'template' => $template,
'format' => $format,
'extension' => $ctype,
- 'ctype' => Bugzilla::Constants::contenttypes->{$ctype}
+ 'ctype' => Bugzilla::Constants::contenttypes->{$ctype} // 'application/octet-stream',
};
}
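Review bot: The `// 'application/octet-stream'` fallback on the `'ctype'` line is the security-relevant half of this fix, but nothing on the line says so, and a later cleanup could remove it as a harmless default. Before this change an extension missing from `contenttypes` left `ctype` undefined, which presumably let the response go out with an HTML default and made the `.txt` template named in the commit title reflect input as markup. I would add a comment above the line, for example `# Fail closed: an unregistered extension must never fall back to an HTML content type.` It may also be worth emitting a warning when the fallback is taken, so that a template whose extension was never registered is noticed rather than silently served as a download. get_format begins above this hunk, so how `$ctype` is derived from the request and validated is not visible here.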