author | Dylan William Hardison <dylan@hardison.net> | 2015-07-21 17:19:15 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2015-07-21 17:26:14 +0200 |
commit | de49ecc0ca26af7d391286d1a4b17af11920a1fd (patch) | |
tree | c5722989c36fe8b0b452c48d09088c6d8a6def5c | |
parent | c53d646eec8907a4e9cb027c34bb93801f3c9fdc (diff) | |
download | bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.gz bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.xz |
Bug 1175985 - Bugzilla Sensitive Information Disclosure Vulnerability
-rwxr-xr-x | attachment.cgi | 18 | ||||
-rw-r--r-- | extensions/GitHubAuth/Extension.pm | 9 | ||||
-rw-r--r-- | extensions/Persona/Extension.pm | 9 |
3 files changed, 35 insertions, 1 deletions
diff --git a/attachment.cgi b/attachment.cgi
index 02dc7efcb..d27c89e9f 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -55,6 +55,8 @@ use Bugzilla::Keyword;
 use Bugzilla::Hook;
 use Encode qw(encode find_encoding);
+use URI;
+use URI::QueryParam;
 # For most scripts we don't make $cgi and $template global variables. But
 # when preparing Bugzilla for mod_perl, this script used these
@@ -377,12 +379,14 @@ sub view {
 # At this point, Bugzilla->login has been called if it had to.
 my $contenttype = $attachment->contenttype;
- my $filename = $attachment->filename;
+ my $filename = $attachment->filename;
+ my $contenttype_override = 0;
 # Bug 111522: allow overriding content-type manually in the posted form
 # params.
 if (defined $cgi->param('content_type')) {
 $contenttype = $attachment->_check_content_type($cgi->param('content_type'));
+ $contenttype_override = 1;
 }
 # Return the appropriate HTTP response headers.
@@ -403,6 +407,18 @@ sub view {
 my $disposition = Bugzilla->params->{'allow_attachment_display'} ? 'inline' : 'attachment';
+ my $do_redirect = 0;
+ Bugzilla::Hook::process('attachment_should_redirect_login', { do_redirect => \$do_redirect });
+
+ if ($do_redirect) {
+ my $uri = URI->new(correct_urlbase() . 'attachment.cgi');
+ $uri->query_param(id => $attachment->id);
+ $uri->query_param(content_type => $contenttype) if $contenttype_override;
+
+ print $cgi->redirect('-location' => $uri);
+ exit 0;
+ }
+
 # Don't send a charset header with attachments--they might not be UTF-8.
 # However, we do allow people to explicitly specify a charset if they
 # want.
diff --git a/extensions/GitHubAuth/Extension.pm b/extensions/GitHubAuth/Extension.pm
index dee927165..d68934be4 100644
--- a/extensions/GitHubAuth/Extension.pm
+++ b/extensions/GitHubAuth/Extension.pm
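Review bot: The redirect block added after `my $disposition = ...` in the third attachment.cgi hunk has no comment saying why a request that an auth extension flags must be re-served through a redirect, which is the substance of this fix and will not be obvious to the next reader of `view`. I would add above `my $do_redirect = 0;`: `# Bug 1175985: if an auth extension reports that this request carried its login parameters, do not serve the attachment body from it; redirect to a plain GET of attachment.cgi that keeps only the id and a content_type override already validated by _check_content_type above.` The new hook name `attachment_should_redirect_login` is not documented anywhere in the three files the diffstat lists, so if this tree keeps hook POD in Bugzilla::Hook, an entry describing the single argument (a scalar ref `do_redirect` that an implementation sets to 1) appears to be missing from the commit. `view` begins and ends outside this hunk.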
@@ -54,6 +54,15 @@ sub template_before_create {
 };
 }
+sub attachment_should_redirect_login {
+ my ($self, $args) = @_;
+ my $cgi = Bugzilla->cgi;
+
+ if ($cgi->param('github_state') || $cgi->param('github_email')) {
+ ${$args->{do_redirect}} = 1;
+ }
+}
+
 sub auth_login_methods {
 my ($self, $args) = @_;
 my $modules = $args->{'modules'};
diff --git a/extensions/Persona/Extension.pm b/extensions/Persona/Extension.pm
index f288702e8..2c8e46add 100644
--- a/extensions/Persona/Extension.pm
+++ b/extensions/Persona/Extension.pm
@@ -64,6 +64,15 @@ sub config_modify_panels {
 }
 }
+sub attachment_should_redirect_login {
+ my ($self, $args) = @_;
+ my $cgi = Bugzilla->cgi;
+
+ if ($cgi->param("persona_assertion")) {
+ ${$args->{do_redirect}} = 1;
+ }
+}
+
 sub config_add_panels {
 my ($self, $args) = @_;
 my $modules = $args->{panel_modules}; |
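Review bot: The new `attachment_should_redirect_login` in GitHubAuth sets the flag on the bare presence of `github_state` or `github_email`, and the Persona copy on `persona_assertion`, but neither says what those parameters signify here or why their presence means attachment.cgi must not serve the body from this request, so the link to bug 1175985 is lost in both files. A one-line comment above each `if` would carry it, e.g. `# Presence of these params presumably marks this request as the GitHub login callback; ask attachment.cgi to re-serve the attachment from a plain GET (bug 1175985).` for GitHubAuth and the equivalent wording naming `persona_assertion` for Persona. A minor style point: GitHubAuth quotes the param names with single quotes and Persona with double quotes; the two copies should agree. Both Extension.pm files continue outside their hunks.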