authorDylan William Hardison <dylan@hardison.net>2017-03-24 04:18:45 +0100
committerDylan William Hardison <dylan@hardison.net>2017-03-24 04:19:06 +0100
commit0abf244f409fd91120d35beb65ee4f3a03139a44 (patch)
tree42e3435115aea6da353b5ffb8589ed12c9768c33
parent03d25686135afdd93c33e26f6a2532bcfdf023c9 (diff)
Bug 1349899 - Clean up invalid mozreview urls on attachment page
-rw-r--r--extensions/BMO/Extension.pm3
-rw-r--r--extensions/BMO/lib/Data.pm18
-rw-r--r--extensions/MozReview/template/en/default/hook/attachment/edit-view.html.tmpl2
3 files changed, 20 insertions, 3 deletions
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index 1640bd076..40ab8424e 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -1152,7 +1152,8 @@ sub _detect_attached_url {
return unless defined $url;
return if length($url) > 256;
$url = trim($url);
- return if $url =~ /\s/;
+ # ignore urls that contain unescaped characters outside of the range mentioned in RFC 3986 section 2
+ return if $url =~ m<[^A-Za-z0-9._~:/?#\[\]@!\$&'()*+,;=`.%-]>;
foreach my $key (keys %autodetect_attach_urls) {
if ($url =~ $autodetect_attach_urls{$key}->{regex}) {
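Review bot: The allow-list on the added `return if $url =~ m<...>` line accepts a backtick, which is in neither the unreserved nor the reserved set of RFC 3986 section 2, so the class is wider than the comment above it claims; `.` is also listed twice. Dropping both gives `return if $url =~ m<[^A-Za-z0-9._~:/?#\[\]@!\$&'()*+,;=%-]>;`. The `length($url) > 256` check also runs before `trim`, so the limit applies to the untrimmed value; that may be intended but is worth a comment. `_detect_attached_url` starts and ends outside this hunk.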
diff --git a/extensions/BMO/lib/Data.pm b/extensions/BMO/lib/Data.pm
index 5b07ce645..fcb96a558 100644
--- a/extensions/BMO/lib/Data.pm
+++ b/extensions/BMO/lib/Data.pm
@@ -26,6 +26,22 @@ our @EXPORT = qw( $cf_visible_in_products
# Creating an attachment whose contents is a URL matching one of these regexes
# will result in the user being redirected to that URL when viewing the
# attachment.
+
+my $mozreview_url_re = qr{
+ # begins with mozreview hostname
+ ^
+ https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org
+
+ # followed by a review path
+ /r/\d+
+
+ # ends with optional suffix
+ (?: /
+ | /diff/\#index_header
+ )?
+ $
+}ix;
+
our %autodetect_attach_urls = (
github_pr => {
title => 'GitHub Pull Request',
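Review bot: `$mozreview_url_re` is anchored with `^` and `$`, and without `/m` a `$` still matches just before a trailing newline, so the pattern taken alone accepts a URL followed by a newline. `_detect_attached_url` in Extension.pm trims and character-checks the value first, but `%autodetect_attach_urls` is a package variable that other callers may use without that pre-check. Using `\A` and `\z` in place of `^` and `$` would make the pattern strict without relying on the caller. A one-line comment that the `x` flag is the reason `#` is escaped in `/diff/\#index_header` would also help the next editor.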
@@ -35,7 +51,7 @@ our %autodetect_attach_urls = (
},
reviewboard => {
title => 'MozReview',
- regex => qr#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i,
+ regex => $mozreview_url_re,
content_type => 'text/x-review-board-request',
can_review => 1,
},
diff --git a/extensions/MozReview/template/en/default/hook/attachment/edit-view.html.tmpl b/extensions/MozReview/template/en/default/hook/attachment/edit-view.html.tmpl
index 571d69b50..044c36ae9 100644
--- a/extensions/MozReview/template/en/default/hook/attachment/edit-view.html.tmpl
+++ b/extensions/MozReview/template/en/default/hook/attachment/edit-view.html.tmpl
@@ -12,5 +12,5 @@
url = attachment.data;
%]
<h3>
- <a href="[% url FILTER none %]" title="[% url FILTER html %]">Show review on MozReview</a><br>
+ <a href="[% url FILTER html %]" title="[% url FILTER html %]">Show review on MozReview</a><br>
</h3>
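Review bot: `FILTER html` on the `href` escapes markup characters but does not restrict the URL scheme or host, so the link is only as trustworthy as whatever check selected this hook for the attachment. The directive block that sets `url = attachment.data` begins above the hunk, so that condition is not visible here. If it keys on the attachment's content type rather than on a match against the MozReview pattern in extensions/BMO/lib/Data.pm, re-checking `url` against that pattern before rendering the link would close the gap. A short template comment naming the check that guarantees `url` is a MozReview URL would document the assumption.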