diff options
| author | gerv%gerv.net <> | 2001-10-19 06:28:06 +0200 |
|---|---|---|
| committer | gerv%gerv.net <> | 2001-10-19 06:28:06 +0200 |
| commit | 0514605a98956216ded50969c26b2d78dcf2e260 (patch) | |
| tree | 5d45eb59bac7d14cca94968f43272168048f14a1 | |
| parent | 858fd64e0faa9a0717167f1d84543c4a542c495c (diff) | |
| download | bugzilla-0514605a98956216ded50969c26b2d78dcf2e260.tar.gz bugzilla-0514605a98956216ded50969c26b2d78dcf2e260.tar.xz | |
Bug 60818 - make Bugzilla cope with MIME types with parameters. Patch by gerv, r=myk.
| -rw-r--r-- | bug_form.pl | 1 | ||||
| -rwxr-xr-x | createattachment.cgi | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/bug_form.pl b/bug_form.pl index 5938f3aea..d3311fee5 100644 --- a/bug_form.pl +++ b/bug_form.pl @@ -299,6 +299,7 @@ if (Param('useattachmenttracker')) { } my $link = "showattachment.cgi?attach_id=$attachid"; $desc = value_quote($desc); + $mimetype = html_quote($mimetype); print qq{<td><a href="$link">$date</a></td><td colspan=6>$desc ($mimetype)</td></tr><tr><td></td>}; } print "<td colspan=7><a href=\"createattachment.cgi?id=$id\">Create a new attachment</a> (proposed patch, testcase, etc.)</td></tr></table>\n"; diff --git a/createattachment.cgi b/createattachment.cgi index 619abbd26..d665e4498 100755 --- a/createattachment.cgi +++ b/createattachment.cgi @@ -84,8 +84,9 @@ What kind of file is this? if ($mimetype eq "other") { $mimetype = $::FORM{'othertype'}; } - if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+$@) { - PuntTryAgain("You must select a legal mime type. '<tt>$mimetype</tt>' simply will not do."); + if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+(;.*)?$@) { + PuntTryAgain("You must select a legal mime type. '<tt>" . + html_quote($mimetype) . "</tt>' simply will not do."); } SendSQL("insert into attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata) values ($id," . SqlQuote($::FILENAME{'data'}) . ", " . SqlQuote($desc) . ", " . |