summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones <bjones@mozilla.com>2012-02-29 05:51:35 +0100
committerByron Jones <bjones@mozilla.com>2012-02-29 05:51:35 +0100
commitbda60403ea62b195b678dff88387d9b392c7f4be (patch)
treec45a457cac848c631b6e3d3040db304c140e4258
parentd9a166a767592ea2f2647f9fca3e43d21f0cd4aa (diff)
downloadbugzilla-bda60403ea62b195b678dff88387d9b392c7f4be.tar.gz
bugzilla-bda60403ea62b195b678dff88387d9b392c7f4be.tar.xz
Bug 731219: Fix XMLRPC breakage when content-type contains a charset
r=dkl, a=LpSolit
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm5
1 files changed, 4 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 822709d85..025fb8f19 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -93,7 +93,10 @@ sub deserialize {
my $self = shift;
# Only allow certain content types to protect against CSRF attacks
- if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) {
+ my $content_type = lc($ENV{'CONTENT_TYPE'});
+ # Remove charset, etc, if provided
+ $content_type =~ s/^([^;]+);.*/$1/;
+ if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) {
ThrowUserError('xmlrpc_illegal_content_type',
{ content_type => $ENV{'CONTENT_TYPE'} });
}