author | Byron Jones <glob@mozilla.com> | 2014-05-27 05:48:47 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-05-27 05:48:47 +0200 |
commit | 612ab3f079cb9f716581c37d52804d2da0422929 (patch) | |
tree | ff754b461b37989bc61d30c057f959b839e10f65 | |
parent | 398daeeabbb1bf87a677d735ee74edfe9bcc9348 (diff) | |
download | bugzilla-612ab3f079cb9f716581c37d52804d2da0422929.tar.gz bugzilla-612ab3f079cb9f716581c37d52804d2da0422929.tar.xz |
Bug 1013788: it's possible to get bugzilla to redirect to any url by setting the content-type of an attachment after uploading it
-rw-r--r-- | extensions/BMO/Extension.pm | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm index f811c7a3b..b651caf6b 100644 --- a/extensions/BMO/Extension.pm +++ b/extensions/BMO/Extension.pm @@ -624,23 +624,31 @@ sub attachment_process_data { seek($data, 0, 0); } else { # string - return if length($data) > 256; $url = $data; } + if (my $content_type = _get_review_content_type($url)) { + $attributes->{mimetype} = $content_type; + $attributes->{ispatch} = 0; + } +} + +sub _get_review_content_type { + my ($url) = @_; + # trim and check for the pull request url return unless defined $url; + return if length($url) > 256; $url = trim($url); return if $url =~ /\s/; if ($url =~ m#^https://github\.com/[^/]+/[^/]+/pull/\d+/?$#i) { - $attributes->{mimetype} = GITHUB_PR_CONTENT_TYPE; - $attributes->{ispatch} = 0; + return GITHUB_PR_CONTENT_TYPE; } - elsif ($url =~ m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i) { - $attributes->{mimetype} = RB_REQUEST_CONTENT_TYPE; - $attributes->{ispatch} = 0; + if ($url =~ m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i) { + return RB_REQUEST_CONTENT_TYPE; } + return; } # redirect automatically to github urls @@ -652,11 +660,14 @@ sub attachment_view { # don't redirect if the content-type is specified explicitly return if defined $cgi->param('content_type'); - # must be our github content-type + # must be our github/reviewboard content-type return unless $attachment->contenttype eq GITHUB_PR_CONTENT_TYPE or $attachment->contenttype eq RB_REQUEST_CONTENT_TYPE; + # must still be a valid url + return unless _get_review_content_type($attachment->data); + # redirect print $cgi->redirect(trim($attachment->data)); exit; |
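Review bot: The ReviewBoard pattern in `_get_review_content_type` has no end anchor, so it accepts any trailing text after `/r/<digits>`, whereas the GitHub pattern above it ends in `/?$`. Since `attachment_view` now relies on this helper to decide whether a stored value may be redirected to, both branches should be equally strict: `if ($url =~ m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?$#i) {`. The host is still pinned by the pattern, so this tightens the check rather than closing a bypass of the fix. If longer ReviewBoard paths are meant to be accepted, a comment above the pattern should say so. `attachment_process_data` begins outside this hunk.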
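Review bot: The new guard in `attachment_view` validates one read of `$attachment->data` and then redirects to a second read, so the checked value and the redirected value match only by convention. Reading it once makes that explicit: `my $url = $attachment->data;`, `return unless _get_review_content_type($url);`, `print $cgi->redirect(trim($url));`. The guard also only tests that the helper returns a true value; comparing its result with `$attachment->contenttype` would additionally reject a GitHub URL stored under the ReviewBoard type and the reverse. A one-line comment on `_get_review_content_type` noting that it gates the redirect as well as choosing the mimetype would help the next person who edits the patterns. The end of `attachment_view` lies outside this hunk.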