diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-12-16 20:17:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-12-16 20:17:05 +0100 |
| commit | 334bead74bc9c5e819f14946726eaad40986d636 (patch) | |
| tree | e7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 | |
| parent | 49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff) | |
| download | bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz | |
Bug 1403777 - Migrate urlbase from params to localconfig
69 files changed, 326 insertions, 494 deletions
diff --git a/.circleci/checksetup_answers.legacy.txt b/.circleci/checksetup_answers.legacy.txt index 11d8c9131..759ee081a 100644 --- a/.circleci/checksetup_answers.legacy.txt +++ b/.circleci/checksetup_answers.legacy.txt @@ -8,4 +8,3 @@ $answer{'create_htaccess'} = ''; $answer{'cvsbin'} = '/usr/bin/cvs'; $answer{'diffpath'} = '/usr/bin'; $answer{'interdiffbin'} = '/usr/bin/interdiff'; -$answer{'urlbase'} = 'http://<<HOSTNAME>>:8000/bmo/'; diff --git a/.circleci/config.yml b/.circleci/config.yml index 0b2071a37..54f5381d5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,6 +31,13 @@ defaults: BMO_db_name: bugs BMO_memcached_servers: localhost:11211 BMO_memcached_namespace: "bugzilla:" + BMO_urlbase: AUTOMATIC + HTTPD_StartServers: 1 + HTTPD_MinSpareServers: 1 + HTTPD_MaxSpareServers: 1 + HTTPD_ServerLimit: 1 + HTTPD_MaxClients: 1 + HTTPD_MaxRequestsPerChild: 4000 mysql_env: &mysql_env MYSQL_DATABASE: bugs @@ -52,10 +59,10 @@ defaults: default_qa_setup: &default_qa_setup run: + name: default qa setup command: | mv /opt/bmo/local /app/local - perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_CONF_FILE - perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE + perl -MSys::Hostname -i -pE 's/bmo.test/hostname() . ":$ENV{PORT}"/ges' $BZ_QA_CONF_FILE perl checksetup.pl --no-database --default-localconfig mkdir artifacts @@ -78,7 +85,6 @@ jobs: -t bmo . - deploy: command: | - docker build -t bmo . if [[ -n "$DOCKERHUB_REPO" && -n "$DOCKER_USER" && -n "$DOCKER_PASS" ]]; then TAG="${CIRCLE_TAG:-$CIRCLE_BRANCH}" if [[ $TAG == "master" ]]; then @@ -159,13 +165,9 @@ jobs: - run: | mv /opt/bmo/local /app/local perl checksetup.pl --no-database - perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE /app/scripts/entrypoint.pl load_test_data mkdir artifacts - - run: | - BZ_BASE_URL="http://$(hostname):$PORT" - export BZ_BASE_URL - /app/scripts/entrypoint.pl test_bmo -q -f t/bmo/*.t + - run: /app/scripts/entrypoint.pl test_bmo -q -f t/bmo/*.t - store_artifacts: path: /app/logs @@ -192,4 +194,4 @@ workflows: requires: - test_sanity - test_bmo - - test_webservices
\ No newline at end of file + - test_webservices @@ -52,6 +52,8 @@ RewriteRule ^__version__$ version.json [L] # heartbeat.cgi returns 200 if the DB and memcached are both working, and 500 otherwise. RewriteRule ^__heartbeat__$ heartbeat.cgi [L] +RewriteRule ^robots\.txt$ robots.cgi [L] + # New single page interface for filing bugs RewriteRule ^new[-_]bug$ new_bug.cgi [L,QSA] diff --git a/.perlcriticrc b/.perlcriticrc index 14b2d7cab..15ff6c82b 100644 --- a/.perlcriticrc +++ b/.perlcriticrc @@ -5,7 +5,7 @@ severity = 1 #perltidyrc = .perltidyrc [InputOutput::RequireCheckedSyscalls] functions = :builtins -exclude_functions = print say binmode +exclude_functions = print say sleep binmode [-BuiltinFunctions::ProhibitUselessTopic] [-ControlStructures::ProhibitCascadingIfElse] @@ -17,15 +17,18 @@ exclude_functions = print say binmode [-Modules::RequireVersionVar] [-References::ProhibitDoubleSigils] [-RegularExpressions::ProhibitComplexRegexes] +[-RegularExpressions::RequireDotMatchAnything] +[-RegularExpressions::RequireLineBoundaryMatching] [-RegularExpressions::RequireExtendedFormatting] [-Subroutines::ProhibitExcessComplexity] [-ValuesAndExpressions::ProhibitConstantPragma] [-ValuesAndExpressions::ProhibitEmptyQuotes] [-ValuesAndExpressions::ProhibitMagicNumbers] +[-ValuesAndExpressions::ProhibitNoisyQuotes] +[-ValuesAndExpressions::ProhibitNoisyQuotes] [-ValuesAndExpressions::ProhibitVersionStrings] [-Variables::ProhibitLocalVars] [-Variables::ProhibitPackageVars] -[-ValuesAndExpressions::ProhibitNoisyQuotes] # this policy is broken currently [-Freenode::PackageMatchesFilename] diff --git a/Bugzilla.pm b/Bugzilla.pm index e985423c5..07482c0f7 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -401,7 +401,7 @@ sub login { my $self_url = trim($cgi->self_url); my $sig_type = 'prev_url:' . $authenticated_user->id; my $self_url_sig = issue_hash_sig($sig_type, $self_url); - my $redir_url = URI->new( correct_urlbase() . "reset_password.cgi" ); + my $redir_url = URI->new( Bugzilla->localconfig->{urlbase} . "reset_password.cgi" ); $redir_url->query_form(prev_url => $self_url, prev_url_sig => $self_url_sig); print $cgi->redirect($redir_url); exit; diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm index 22a765f61..a813529d5 100644 --- a/Bugzilla/Auth/Login/CGI.pm +++ b/Bugzilla/Auth/Login/CGI.pm @@ -49,7 +49,7 @@ sub get_login_info { # Attachments are served from a separate host (ideally), and so # an evil attachment cannot abuse this check with a redirect. elsif (my $referer = $cgi->referer) { - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; $valid = 1 if $referer =~ /^\Q$urlbase\E/; } # If the web browser doesn't accept cookies and the Referer header diff --git a/Bugzilla/BugUrl/Bugzilla/Local.pm b/Bugzilla/BugUrl/Bugzilla/Local.pm index a5cb5d49b..14d03f048 100644 --- a/Bugzilla/BugUrl/Bugzilla/Local.pm +++ b/Bugzilla/BugUrl/Bugzilla/Local.pm @@ -96,7 +96,7 @@ sub _check_value { sub local_uri { my ($self, $bug_id) = @_; $bug_id ||= ''; - return correct_urlbase() . "show_bug.cgi?id=$bug_id"; + return Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$bug_id"; } 1; diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index ea8d96da8..0f9b0cf88 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -57,12 +57,12 @@ sub DEFAULT_CSP { # Because show_bug code lives in many different .cgi files, # we needed a centralized place to define the policy. # normally the policy would just live in one .cgi file. -# Additionally, correct_urlbase() cannot be called at compile time, so this can't be a constant. +# Additionally, Bugzilla->localconfig->{urlbase} cannot be called at compile time, so this can't be a constant. sub SHOW_BUG_MODAL_CSP { my ($bug_id) = @_; my %policy = ( script_src => ['self', 'nonce', 'unsafe-inline', 'unsafe-eval', 'https://www.google-analytics.com' ], - object_src => [correct_urlbase() . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"], + object_src => [Bugzilla->localconfig->{urlbase} . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"], img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ], connect_src => [ 'self', @@ -76,7 +76,7 @@ sub SHOW_BUG_MODAL_CSP { ], ); if (use_attachbase() && $bug_id) { - my $attach_base = Bugzilla->params->{'attachment_base'}; + my $attach_base = Bugzilla->localconfig->{'attachment_base'}; $attach_base =~ s/\%bugid\%/$bug_id/g; push @{ $policy{img_src} }, $attach_base; } @@ -141,7 +141,7 @@ sub new { # Send appropriate charset $self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : ''); - # Redirect to urlbase/sslbase if we are not viewing an attachment. + # Redirect to urlbase if we are not viewing an attachment. if ($self->url_is_attachment_base and $script ne 'attachment.cgi') { $self->redirect_to_urlbase(); } @@ -177,7 +177,7 @@ sub new { sub target_uri { my ($self) = @_; - my $base = correct_urlbase(); + my $base = Bugzilla->localconfig->{urlbase}; if (my $request_uri = $self->request_uri) { my $base_uri = URI->new($base); $base_uri->path(''); @@ -594,11 +594,12 @@ sub send_cookie { } # Add the default path and the domain in. - $paramhash{'-path'} = Bugzilla->params->{'cookiepath'}; - $paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'} - if Bugzilla->params->{'cookiedomain'}; + state $uri = URI->new( Bugzilla->localconfig->{urlbase} ); + $paramhash{'-path'} = $uri->path; + # we don't set the domain. $paramhash{'-secure'} = 1 - if Bugzilla->params->{'ssl_redirect'}; + if lc( $uri->scheme ) eq 'https'; + # Move the param list back into an array for the call to cookie(). foreach (keys(%paramhash)) { @@ -683,14 +684,15 @@ sub redirect_search_url { sub redirect_to_https { my $self = shift; - my $sslbase = Bugzilla->params->{'sslbase'}; + my $urlbase = Bugzilla->localconfig->{'urlbase'}; + # If this is a POST, we don't want ?POSTDATA in the query string. # We expect the client to re-POST, which may be a violation of # the HTTP spec, but the only time we're expecting it often is # in the WebService, and WebService clients usually handle this # correctly. $self->delete('POSTDATA'); - my $url = $sslbase . $self->url('-path_info' => 1, '-query' => 1, + my $url = $urlbase . $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1); # XML-RPC clients (SOAP::Lite at least) require a 301 to redirect properly @@ -707,14 +709,14 @@ sub redirect_to_https { sub redirect_to_urlbase { my $self = shift; my $path = $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1); - print $self->redirect('-location' => correct_urlbase() . $path); + print $self->redirect('-location' => Bugzilla->localconfig->{urlbase} . $path); exit; } sub url_is_attachment_base { my ($self, $id) = @_; return 0 if !use_attachbase() or !i_am_cgi(); - my $attach_base = Bugzilla->params->{'attachment_base'}; + my $attach_base = Bugzilla->localconfig->{'attachment_base'}; # If we're passed an id, we only want one specific attachment base # for a particular bug. If we're not passed an ID, we just want to # know if our current URL matches the attachment_base *pattern*. @@ -860,9 +862,6 @@ As its only argument, it takes the name of the cookie to expire. =item C<redirect_to_https> -This routine redirects the client to the https version of the page that -they're looking at, using the C<sslbase> parameter for the redirection. - Generally you should use L<Bugzilla::Util/do_ssl_redirect_if_required> instead of calling this directly. diff --git a/Bugzilla/Config/Advanced.pm b/Bugzilla/Config/Advanced.pm index d7fdd34aa..dc5be490f 100644 --- a/Bugzilla/Config/Advanced.pm +++ b/Bugzilla/Config/Advanced.pm @@ -17,12 +17,6 @@ our $sortkey = 1700; use constant get_param_list => ( { - name => 'cookiedomain', - type => 't', - default => '' - }, - - { name => 'inbound_proxies', type => 't', default => '', diff --git a/Bugzilla/Config/Attachment.pm b/Bugzilla/Config/Attachment.pm index bc2f45029..c3dbd03ed 100644 --- a/Bugzilla/Config/Attachment.pm +++ b/Bugzilla/Config/Attachment.pm @@ -24,12 +24,6 @@ sub get_param_list { default => 0 }, { - name => 'attachment_base', - type => 't', - default => '', - checker => \&check_urlbase - }, - { name => 'allow_attachment_deletion', type => 'b', default => 0 @@ -68,7 +62,7 @@ sub get_param_list { sub check_params { my ( $class, $params ) = @_; - return unless $params->{attachment_storage} eq 's3'; + return '' unless $params->{attachment_storage} eq 's3'; if ( $params->{s3_bucket} eq '' || $params->{aws_access_key_id} eq '' diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index 8b1a9da91..fabf7c880 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -23,7 +23,7 @@ use Bugzilla::Status; use base qw(Exporter); @Bugzilla::Config::Common::EXPORT = qw( check_multi check_numeric check_regexp check_url check_group - check_sslbase check_priority check_severity check_platform + check_priority check_severity check_platform check_opsys check_shadowdb check_urlbase check_webdotbase check_user_verify_class check_mail_delivery_method check_notification check_utf8 @@ -81,32 +81,6 @@ sub check_email { return ""; } -sub check_sslbase { - my $url = shift; - if ( $url ne '' ) { - if ( $url !~ m#^https://([^/]+).*/$# ) { - return "must be a legal URL, that starts with https and ends with a slash."; - } - my $host = $1; - - # Fall back to port 443 if for some reason getservbyname() fails. - my $port = getservbyname( 'https', 'tcp' ) || 443; - if ( $host =~ /^(.+):(\d+)$/ ) { - $host = $1; - $port = $2; - } - local *SOCK; - my $proto = getprotobyname('tcp'); - socket( SOCK, PF_INET, SOCK_STREAM, $proto ); - my $iaddr = inet_aton($host) || return "The host $host cannot be resolved"; - my $sin = sockaddr_in( $port, $iaddr ); - if ( !connect( SOCK, $sin ) ) { - return "Failed to connect to $host:$port; unable to enable SSL"; - } - close(SOCK); - } - return ""; -} sub check_utf8 { my $utf8 = shift; diff --git a/Bugzilla/Config/Core.pm b/Bugzilla/Config/Core.pm deleted file mode 100644 index b3848a16e..000000000 --- a/Bugzilla/Config/Core.pm +++ /dev/null @@ -1,46 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Config::Core; - -use 5.10.1; -use strict; -use warnings; - -use Bugzilla::Config::Common; - -our $sortkey = 100; - -use constant get_param_list => ( - { - name => 'urlbase', - type => 't', - default => '', - checker => \&check_urlbase - }, - - { - name => 'ssl_redirect', - type => 'b', - default => 0 - }, - - { - name => 'sslbase', - type => 't', - default => '', - checker => \&check_sslbase - }, - - { - name => 'cookiepath', - type => 't', - default => '/' - }, -); - -1; diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index bb87e499e..01b8d7e8e 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -416,9 +416,6 @@ sub FILESYSTEM { "skins/yui3.css" => { perms => CGI_READ, overwrite => 1, contents => $yui3_all_css }, - "robots.txt" => { perms => CGI_READ, - overwrite => 1, - contents => \&robots_txt}, "httpd/env.conf" => { perms => CGI_READ, overwrite => 1, contents => \&HTTPD_ENV_CONF }, @@ -969,15 +966,6 @@ sub _check_web_server_group { return $group_id; } -sub robots_txt { - my $output = ''; - my %vars; - Bugzilla::Hook::process("before_robots_txt", { vars => \%vars }); - Bugzilla->template->process("robots.txt.tmpl", \%vars, \$output) - or die Bugzilla->template->error; - return $output; -} - 1; diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index c1c8fb12e..f877829c5 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -31,6 +31,7 @@ use Tie::Hash::NamedCapture; use Safe; use Term::ANSIColor; use Taint::Util qw(untaint); +use Sys::Hostname qw(hostname); use parent qw(Exporter); @@ -122,10 +123,11 @@ use constant LOCALCONFIG_VARS => ( }, { name => 'diffpath', - default => sub { dirname(bin_loc('diff')) }, + default => sub { dirname( bin_loc('diff') ) }, }, { - name => 'site_wide_secret', + name => 'site_wide_secret', + # 64 characters is roughly the equivalent of a 384-bit key, which # is larger than anybody would ever be able to brute-force. default => sub { generate_random_password(64) }, @@ -148,14 +150,23 @@ use constant LOCALCONFIG_VARS => ( }, { name => 'memcached_servers', - default => _migrate_param("memcached_servers", ""), + default => _migrate_param( "memcached_servers", "" ), }, { name => 'memcached_namespace', - default => _migrate_param("memcached_namespace", "bugzilla:"), + default => _migrate_param( "memcached_namespace", "bugzilla:" ), + }, + { + name => 'urlbase', + default => _migrate_param( "urlbase", "" ), }, + { + name => 'attachment_base', + default => _migrate_param( "attachment_base", '' ), + } ); + use constant ENV_KEYS => ( (map { ENV_PREFIX . $_->{name} } LOCALCONFIG_VARS), (map { ENV_PREFIX . $_ } PARAM_OVERRIDE), diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm index 768f68607..6e46d1862 100644 --- a/Bugzilla/Mailer.pm +++ b/Bugzilla/Mailer.pm @@ -104,10 +104,7 @@ sub MessageToMTA { # We add this header to uniquely identify all email that we # send as coming from this Bugzilla installation. # - # We don't use correct_urlbase, because we want this URL to - # *always* be the same for this Bugzilla, in every email, - # even if the admin changes the "ssl_redirect" parameter some day. - $email->header_set('X-Bugzilla-URL', Bugzilla->params->{'urlbase'}); + $email->header_set('X-Bugzilla-URL', Bugzilla->localconfig->{urlbase}); # We add this header to mark the mail as "auto-generated" and # thus to hopefully avoid auto replies. @@ -156,7 +153,7 @@ sub MessageToMTA { else { # Sendmail will automatically append our hostname to the From # address, but other mailers won't. - my $urlbase = Bugzilla->params->{'urlbase'}; + my $urlbase = Bugzilla->localconfig->{urlbase}; $urlbase =~ m|//([^:/]+)[:/]?|; $hostname = $1; $from .= "\@$hostname" if $from !~ /@/; @@ -248,7 +245,7 @@ sub build_thread_marker { $user_id = Bugzilla->user->id; } - my $sitespec = '@' . Bugzilla->params->{'urlbase'}; + my $sitespec = '@' . Bugzilla->localconfig->{urlbase}; $sitespec =~ s/:\/\//\./; # Make the protocol look like part of the domain $sitespec =~ s/^([^:\/]+):(\d+)/$1/; # Remove a port number, to relocate if ($2) { diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm index b28829c3a..6897d2219 100644 --- a/Bugzilla/Search/Quicksearch.pm +++ b/Bugzilla/Search/Quicksearch.pm @@ -266,7 +266,7 @@ sub quicksearch { my $modified_query_string = $cgi->canonicalise_query(@params_to_strip); if ($cgi->param('load')) { - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; # Param 'load' asks us to display the query in the advanced search form. print $cgi->redirect(-uri => "${urlbase}query.cgi?format=advanced&" . $modified_query_string); @@ -315,7 +315,7 @@ sub _bug_numbers_only { if ($searchstring !~ /,/ && !i_am_webservice()) { # Single bug number; shortcut to show_bug.cgi. print $cgi->redirect( - -uri => correct_urlbase() . "show_bug.cgi?id=$searchstring"); + -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$searchstring"); exit; } else { @@ -338,7 +338,7 @@ sub _handle_alias { if ($bug_id && Bugzilla->user->can_see_bug($bug_id) && !i_am_webservice()) { $alias = url_quote($alias); print Bugzilla->cgi->redirect( - -uri => correct_urlbase() . "show_bug.cgi?id=$alias"); + -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$alias"); exit; } } diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 49b7e9435..206f2f3cb 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -191,9 +191,7 @@ sub quoteUrls { } # Provide tooltips for full bug links (Bug 74355) - my $urlbase_re = '(' . join('|', - map { qr/$_/ } grep($_, Bugzilla->params->{'urlbase'}, - Bugzilla->params->{'sslbase'})) . ')'; + my $urlbase_re = quotemeta(Bugzilla->localconfig->{urlbase}); $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $user })) && ("\x{FDD2}" . ($count-1) . "\x{FDD3}") @@ -1036,7 +1034,7 @@ sub create { 'sudoer' => sub { return Bugzilla->sudoer; }, # Allow templates to access the "corect" URLBase value - 'urlbase' => sub { return Bugzilla::Util::correct_urlbase(); }, + 'urlbase' => sub { return Bugzilla->localconfig->{urlbase}; }, # Allow templates to access docs url with users' preferred language 'docs_urlbase' => sub { diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index df2f78823..c23e738e6 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -259,34 +259,14 @@ sub i_am_webservice { # (doing so can mess up XML-RPC). sub do_ssl_redirect_if_required { return if !i_am_cgi(); - return if !Bugzilla->params->{'ssl_redirect'}; - - my $sslbase = Bugzilla->params->{'sslbase'}; + my $uri = URI->new(Bugzilla->localconfig->{'urlbase'}); + return if $uri->scheme ne 'https'; # If we're already running under SSL, never redirect. - return if uc($ENV{HTTPS} || '') eq 'ON'; - # Never redirect if there isn't an sslbase. - return if !$sslbase; + return if $ENV{HTTPS} && $ENV{HTTPS} eq 'on'; Bugzilla->cgi->redirect_to_https(); } -sub correct_urlbase { - my $ssl = Bugzilla->params->{'ssl_redirect'}; - my $urlbase = Bugzilla->params->{'urlbase'}; - my $sslbase = Bugzilla->params->{'sslbase'}; - - if (!$sslbase) { - return $urlbase; - } - elsif ($ssl) { - return $sslbase; - } - else { - # Return what the user currently uses. - return (uc($ENV{HTTPS} || '') eq 'ON') ? $sslbase : $urlbase; - } -} - # Returns the real remote address of the client, sub remote_ip { my $remote_ip = $ENV{'REMOTE_ADDR'} || '127.0.0.1'; @@ -383,10 +363,9 @@ sub is_ipv6 { } sub use_attachbase { - my $attachbase = Bugzilla->params->{'attachment_base'}; - return ($attachbase ne '' - && $attachbase ne Bugzilla->params->{'urlbase'} - && $attachbase ne Bugzilla->params->{'sslbase'}) ? 1 : 0; + my $attachbase = Bugzilla->localconfig->{'attachment_base'}; + my $urlbase = Bugzilla->localconfig->{'urlbase'}; + return ($attachbase ne '' && $attachbase ne $urlbase); } sub diff_arrays { @@ -932,7 +911,7 @@ Bugzilla::Util - Generic utility functions for bugzilla # Functions that tell you about your environment my $is_cgi = i_am_cgi(); my $is_webservice = i_am_webservice(); - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; # Data manipulation ($removed, $added) = diff_arrays(\@old, \@new); @@ -1066,11 +1045,6 @@ in a command-line script. Tells you whether or not the current usage mode is WebServices related such as JSONRPC or XMLRPC. -=item C<correct_urlbase()> - -Returns either the C<sslbase> or C<urlbase> parameter, depending on the -current setting for the C<ssl_redirect> parameter. - =item C<remote_ip()> Returns the IP address of the remote client. If Bugzilla is behind diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 0bd7b4648..093167048 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -149,7 +149,7 @@ sub retrieve_json_from_get { # order to throw proper errors. We use the installation's urlbase as # the id, in this case. else { - $id = correct_urlbase(); + $id = Bugzilla->localconfig->{urlbase}; } # Setting _bz_request_id here is required in case we throw errors early, # before _handle. diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 6e1944061..6fb86fdd4 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -17,7 +17,7 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Hook; -use Bugzilla::Util qw(correct_urlbase html_quote disable_utf8 enable_utf8); +use Bugzilla::Util qw(html_quote disable_utf8 enable_utf8); use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data fix_credentials); @@ -94,7 +94,7 @@ sub handle { # also set up the correct handler method my $obj = { version => '1.1', - id => correct_urlbase(), + id => Bugzilla->localconfig->{urlbase}, method => $self->bz_method_name, params => $params }; diff --git a/README.rst b/README.rst index 86e4dd414..ccbd51325 100644 --- a/README.rst +++ b/README.rst @@ -176,6 +176,29 @@ PORT BUGZILLA_UNSAFE_AUTH_DELEGATION This should never be set in production. It allows auth delegation over http. +BMO_urlbase + The public url for this instance. Note that if this begins with https:// + abd BMO_inbound_proxies is set to '*' Bugzilla will believe the connection to it + is using SSL. + +BMO_attachment_base + This is the url for attachments. + When the allow_attachment_display parameter is on, it is possible for a + malicious attachment to steal your cookies or perform an attack on Bugzilla + using your credentials. + + If you would like additional security on attachments to avoid this, set this + parameter to an alternate URL for your Bugzilla that is not the same as + urlbase or sslbase. That is, a different domain name that resolves to this + exact same Bugzilla installation. + + For added security, you can insert %bugid% into the URL, which will be + replaced with the ID of the current bug that the attachment is on, when you + access an attachment. This will limit attachments to accessing only other + attachments on the same bug. Remember, though, that all those possible domain + names (such as 1234.your.domain.com) must point to this same Bugzilla + instance. + BMO_db_driver What SQL database to use. Default is mysql. List of supported databases can be obtained by listing Bugzilla/DB directory - every module corresponds to one diff --git a/attachment.cgi b/attachment.cgi index 432ce8914..d1523d248 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -61,7 +61,7 @@ if (Bugzilla->params->{disable_bug_updates} && $cgi->request_method eq 'POST') { 'Bug updates are currently disabled.'); } -# You must use the appropriate urlbase/sslbase param when doing anything +# You must use the appropriate urlbase param when doing anything # but viewing an attachment, or a raw diff. if ($action ne 'view' && (($action !~ /^(?:interdiff|diff)$/) || $format ne 'raw')) @@ -267,7 +267,7 @@ sub get_attachment { } unless ($userid && $valid_token) { # Not a valid token. - print $cgi->redirect('-location' => correct_urlbase() . $path); + print $cgi->redirect('-location' => Bugzilla->localconfig->{urlbase} . $path); exit; } # Change current user without creating cookies. @@ -287,7 +287,7 @@ sub get_attachment { # make sure we were not going to request credentials on the # alternate host. Bugzilla->login(); - my $attachbase = Bugzilla->params->{'attachment_base'}; + my $attachbase = Bugzilla->localconfig->{'attachment_base'}; # Replace %bugid% by the ID of the bug the attachment # belongs to, if present. $attachbase =~ s/\%bugid\%/$bug_id/; @@ -377,7 +377,7 @@ sub view { Bugzilla::Hook::process('attachment_should_redirect_login', { do_redirect => \$do_redirect }); if ($do_redirect) { - my $uri = URI->new(correct_urlbase() . 'attachment.cgi'); + my $uri = URI->new(Bugzilla->localconfig->{urlbase} . 'attachment.cgi'); $uri->query_param(id => $attachment->id); $uri->query_param(content_type => $contenttype) if $contenttype_override; @@ -215,7 +215,7 @@ elsif ($action eq "convert_search") { $url = $params->canonicalise_query('format', 'query_format'); $url = '&' . html_quote($url); } - print $cgi->redirect(-location => correct_urlbase() . "query.cgi?format=create-series$url"); + print $cgi->redirect(-location => Bugzilla->localconfig->{urlbase} . "query.cgi?format=create-series$url"); } else { ThrowUserError('unknown_action', {action => $action}); diff --git a/checksetup.pl b/checksetup.pl index cd973f5c7..6cea8549d 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -155,6 +155,14 @@ unless ($ENV{LOCALCONFIG_ENV}) { } my $lc_hash = Bugzilla->localconfig; +unless ($switch{'no-database'}) { + die "urlbase is not set\n" unless $lc_hash->{urlbase}; + die "urlbase must end with slash\n" unless $lc_hash->{urlbase} =~ m{/$}ms; + if ($lc_hash->{attachment_base}) { + die "attachment_base must end with slash\n" unless $lc_hash->{attachment_base} =~ m{/$}ms; + } +} + ########################################################################### # Check --DATABASE-- setup ########################################################################### @@ -279,12 +287,6 @@ unless ($switch{'no-database'}) { # Reset the mod_perl pre-load list unlink(Bugzilla::Constants::bz_locations()->{datadir} . '/mod_perl_preload'); - # Check if the default parameter for urlbase is still set, and if so, give - # notification that they should go and visit editparams.cgi - if (Bugzilla->params->{'urlbase'} eq '') { - print "\n" . get_text('install_urlbase_default') . "\n" - unless $silent; - } if (!$silent) { success(get_text('install_success')); } diff --git a/docs/en/rst/administering/parameters.rst b/docs/en/rst/administering/parameters.rst index 75974d388..338df3eb3 100644 --- a/docs/en/rst/administering/parameters.rst +++ b/docs/en/rst/administering/parameters.rst @@ -10,47 +10,6 @@ accessed via the menu on the left. .. _param-required-settings: -Required Settings -================= - -The core required parameters for any Bugzilla installation are set -here. :param:`urlbase` is always required; the other parameters should be -set, or it must be explicitly decided not to -set them, before the new Bugzilla installation starts to be used. - -urlbase - Defines the fully qualified domain name and web - server path to this Bugzilla installation. - For example, if the Bugzilla query page is - :file:`http://www.foo.com/bugzilla/query.cgi`, - the :param:`urlbase` should be set - to :paramval:`http://www.foo.com/bugzilla/`. - -ssl_redirect - If enabled, Bugzilla will force HTTPS (SSL) connections, by - automatically redirecting any users who try to use a non-SSL - connection. Also, when this is enabled, Bugzilla will send out links - using :param:`sslbase` in emails instead of :param:`urlbase`. - -sslbase - Defines the fully qualified domain name and web - server path for HTTPS (SSL) connections to this Bugzilla installation. - For example, if the Bugzilla main page is - :file:`https://www.foo.com/bugzilla/index.cgi`, - the :param:`sslbase` should be set - to :paramval:`https://www.foo.com/bugzilla/`. - -cookiepath - Defines a path, relative to the web document root, that Bugzilla - cookies will be restricted to. For example, if the - :param:`urlbase` is set to - :file:`http://www.foo.com/bugzilla/`, the - :param:`cookiepath` should be set to - :paramval:`/bugzilla/`. Setting it to :paramval:`/` will allow all sites - served by this web server or virtual host to read Bugzilla cookies. - -.. _param-general: - General ======= @@ -197,16 +156,7 @@ and whether to allow pointing to external files via a URI. allow_attachment_display If this option is on, users will be able to view attachments from their browser, if their browser supports the attachment's MIME type. If this option is off, users are forced to download attachments, even if the browser is able to display them. - If you do not trust your users (e.g. if your Bugzilla is public), you should either leave this option off, or configure and set the :param:`attachment_base` parameter (see below). Untrusted users may upload attachments that could be potentially damaging if viewed directly in the browser. - -attachment_base - When the :param:`allow_attachment_display` parameter is on, it is possible for a malicious attachment to steal your cookies or perform an attack on Bugzilla using your credentials. - - If you would like additional security on attachments to avoid this, set this parameter to an alternate URL for your Bugzilla that is not the same as :param:`urlbase` or :param:`sslbase`. That is, a different domain name that resolves to this exact same Bugzilla installation. - - Note that if you have set the :param:`cookiedomain` parameter, you should set :param:`attachment_base` to use a domain that would not be matched by :param:`cookiedomain`. - - For added security, you can insert ``%bugid%`` into the URL, which will be replaced with the ID of the current bug that the attachment is on, when you access an attachment. This will limit attachments to accessing only other attachments on the same bug. Remember, though, that all those possible domain names (such as 1234.your.domain.com) must point to this same Bugzilla instance. To set this up you need to investigate wildcard DNS. + If you do not trust your users (e.g. if your Bugzilla is public), you should either leave this option off, or configure and set the attachment_base localconfig variable. Untrusted users may upload attachments that could be potentially damaging if viewed directly in the browser. allow_attachment_deletion If this option is on, administrators will be able to delete the contents @@ -747,15 +697,6 @@ confirmuniqueusermatch Advanced ======== -cookiedomain - Defines the domain for Bugzilla cookies. This is typically left blank. - If there are multiple hostnames that point to the same webserver, which - require the same cookie, then this parameter can be utilized. For - example, If your website is at - ``https://bugzilla.example.com/``, setting this to - :paramval:`.example.com/` will also allow - ``attachments.example.com/`` to access Bugzilla cookies. - inbound_proxies When inbound traffic to Bugzilla goes through a proxy, Bugzilla thinks that the IP address of the proxy is the IP address of every single user. If you enter a comma-separated list of IPs in this parameter, then Bugzilla will trust any ``X-Forwarded-For`` header sent from those IPs, and use the value of that header as the end user's IP address. diff --git a/editparams.cgi b/editparams.cgi index d3b48b93c..ac7976d99 100755 --- a/editparams.cgi +++ b/editparams.cgi @@ -38,7 +38,7 @@ $user->in_group('tweakparams') my $action = trim($cgi->param('action') || ''); my $token = $cgi->param('token'); -my $current_panel = $cgi->param('section') || 'core'; +my $current_panel = $cgi->param('section') || 'general'; $current_panel =~ /^([A-Za-z0-9_-]+)$/; $current_panel = $1; diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm index db672f82a..e69d6f1e2 100644 --- a/extensions/BMO/Extension.pm +++ b/extensions/BMO/Extension.pm @@ -1532,8 +1532,8 @@ sub field_end_of_create { # Create an IT bug so Mozilla's DBAs so they can update the grants for metrics - if (Bugzilla->params->{'urlbase'} ne 'https://bugzilla.mozilla.org/' - && Bugzilla->params->{'urlbase'} ne 'https://bugzilla.allizom.org/') + if (Bugzilla->localconfig->{'urlbase'} ne 'https://bugzilla.mozilla.org/' + && Bugzilla->localconfig->{'urlbase'} ne 'https://bugzilla.allizom.org/') { return; } @@ -2544,11 +2544,6 @@ sub install_filesystem { my $contribute = eval { $json->decode(scalar read_file(bz_locations()->{cgi_path} . "/contribute.json")); }; - my $commit = $ENV{CIRCLE_SHA1}; - unless ($commit) { - $commit = `git rev-parse HEAD`; - chomp $commit; - } if (!$contribute) { die "Missing or invalid contribute.json file"; @@ -2557,8 +2552,8 @@ sub install_filesystem { my $version_obj = { source => $contribute->{repository}{url}, version => BUGZILLA_VERSION, - commit => $commit // "unknown", - build => $ENV{CIRCLE_BUILD_NUM} // "unknown", + commit => $ENV{CIRCLE_SHA1} // 'unknown', + build => $ENV{CIRCLE_BUILD_NUM} // 'unknown', }; $create_files->{'version.json'} = { diff --git a/extensions/BMO/lib/Reports/ReleaseTracking.pm b/extensions/BMO/lib/Reports/ReleaseTracking.pm index b6c7c4520..42ef24b47 100644 --- a/extensions/BMO/lib/Reports/ReleaseTracking.pm +++ b/extensions/BMO/lib/Reports/ReleaseTracking.pm @@ -16,7 +16,7 @@ use Bugzilla::Error; use Bugzilla::Extension::BMO::Util; use Bugzilla::Field; use Bugzilla::FlagType; -use Bugzilla::Util qw(correct_urlbase trick_taint validate_date); +use Bugzilla::Util qw(trick_taint validate_date); use JSON qw(-convert_blessed_universally); use List::MoreUtils qw(uniq); @@ -434,7 +434,7 @@ sub report { my $bugs = $dbh->selectcol_arrayref($query, undef, @params); push @$bugs, 0 unless @$bugs; - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; my $cgi = Bugzilla->cgi; print $cgi->redirect( -url => "${urlbase}buglist.cgi?bug_id=" . join(',', @$bugs) diff --git a/extensions/Bitly/lib/WebService.pm b/extensions/Bitly/lib/WebService.pm index b8ada56d2..4b44faa0e 100644 --- a/extensions/Bitly/lib/WebService.pm +++ b/extensions/Bitly/lib/WebService.pm @@ -18,7 +18,7 @@ use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Search; use Bugzilla::Search::Quicksearch; -use Bugzilla::Util 'correct_urlbase'; +use Bugzilla::Util (); use Bugzilla::WebService::Util 'validate'; use JSON; use LWP::UserAgent; @@ -47,7 +47,7 @@ sub _validate_uri { my $uri = URI->new($url); $uri->query(undef); $uri->fragment(undef); - if ($uri->as_string ne correct_urlbase() . 'buglist.cgi') { + if ($uri->as_string ne Bugzilla->localconfig->{urlbase} . 'buglist.cgi') { ThrowUserError('bitly_unsupported'); } @@ -82,7 +82,7 @@ sub list { my $data = $search->data; # form a bug_id only url, sanity check the length - $uri = URI->new(correct_urlbase() . 'buglist.cgi?bug_id=' . join(',', map { $_->[0] } @$data)); + $uri = URI->new(Bugzilla->localconfig->{urlbase} . 'buglist.cgi?bug_id=' . join(',', map { $_->[0] } @$data)); if (length($uri->as_string) > CGI_URI_LIMIT) { ThrowUserError('bitly_failure', { message => "Too many bugs returned by search" }); } diff --git a/extensions/BugModal/lib/ActivityStream.pm b/extensions/BugModal/lib/ActivityStream.pm index 708c056d4..098c5df33 100644 --- a/extensions/BugModal/lib/ActivityStream.pm +++ b/extensions/BugModal/lib/ActivityStream.pm @@ -274,7 +274,7 @@ sub _add_activities_to_stream { # split see-also if ($change->{fieldname} eq 'see_also') { - my $url_base = correct_urlbase(); + my $url_base = Bugzilla->localconfig->{urlbase}; foreach my $f (qw( added removed )) { my @values; foreach my $value (split(/, /, $change->{$f})) { diff --git a/extensions/BzAPI/lib/Resources/Bugzilla.pm b/extensions/BzAPI/lib/Resources/Bugzilla.pm index accbf71a7..6e350d839 100644 --- a/extensions/BzAPI/lib/Resources/Bugzilla.pm +++ b/extensions/BzAPI/lib/Resources/Bugzilla.pm @@ -18,7 +18,7 @@ use Bugzilla::Keyword; use Bugzilla::Product; use Bugzilla::Status; use Bugzilla::Field; -use Bugzilla::Util qw(correct_urlbase); +use Bugzilla::Util (); use Bugzilla::Extension::BzAPI::Constants; @@ -143,7 +143,7 @@ sub get_configuration { sub get_empty { my ($self) = @_; return { - ref => $self->type('string', correct_urlbase() . "bzapi/"), + ref => $self->type('string', Bugzilla->localconfig->{urlbase} . "bzapi/"), documentation => $self->type('string', BZAPI_DOC), version => $self->type('string', BUGZILLA_VERSION) }; diff --git a/extensions/BzAPI/lib/Util.pm b/extensions/BzAPI/lib/Util.pm index ac5e8cbd1..d50679a6c 100644 --- a/extensions/BzAPI/lib/Util.pm +++ b/extensions/BzAPI/lib/Util.pm @@ -21,7 +21,7 @@ use Bugzilla::Bug; use Bugzilla::Constants; use Bugzilla::Extension::BzAPI::Constants; use Bugzilla::Token; -use Bugzilla::Util qw(correct_urlbase email_filter); +use Bugzilla::Util qw(email_filter); use Bugzilla::WebService::Util qw(filter_wants); use MIME::Base64; @@ -44,7 +44,7 @@ our @EXPORT = qw( # Return an URL base appropriate for constructing a ref link # normally required by REST API calls. sub ref_urlbase { - return correct_urlbase() . "bzapi"; + return Bugzilla->localconfig->{urlbase} . "bzapi"; } # convert certain fields within a bug object diff --git a/extensions/GitHubAuth/lib/Client.pm b/extensions/GitHubAuth/lib/Client.pm index 46c070856..291501961 100644 --- a/extensions/GitHubAuth/lib/Client.pm +++ b/extensions/GitHubAuth/lib/Client.pm @@ -17,7 +17,7 @@ use URI::QueryParam; use Digest; use Bugzilla::Extension::GitHubAuth::Client::Error qw(ThrowUserError ThrowCodeError); -use Bugzilla::Util qw(remote_ip correct_urlbase); +use Bugzilla::Util qw(remote_ip); use constant DIGEST_HASH => 'SHA1'; @@ -39,7 +39,7 @@ sub new { sub login_uri { my ($class, $target_uri) = @_; - my $uri = URI->new(correct_urlbase() . "github.cgi"); + my $uri = URI->new(Bugzilla->localconfig->{urlbase} . "github.cgi"); $uri->query_form(target_uri => $target_uri); return $uri; } @@ -52,7 +52,7 @@ sub authorize_uri { client_id => Bugzilla->params->{github_client_id}, scope => 'user:email', state => $state, - redirect_uri => correct_urlbase() . "github.cgi", + redirect_uri => Bugzilla->localconfig->{urlbase} . "github.cgi", ); return $uri; diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm index 3f81467d0..073fbfeea 100644 --- a/extensions/GitHubAuth/lib/Login.pm +++ b/extensions/GitHubAuth/lib/Login.pm @@ -17,7 +17,7 @@ use fields qw(github_failure); use Scalar::Util qw(blessed); use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER); -use Bugzilla::Util qw(trick_taint correct_urlbase generate_random_password); +use Bugzilla::Util qw(trick_taint generate_random_password); use Bugzilla::Token qw(issue_short_lived_session_token set_token_extra_data); use List::MoreUtils qw(any); use Bugzilla::Extension::GitHubAuth::Client; @@ -201,7 +201,7 @@ sub _mk_choose_email { return sub { my $email = shift; - my $uri = URI->new(correct_urlbase() . "github.cgi"); + my $uri = URI->new(Bugzilla->localconfig->{urlbase} . "github.cgi"); $uri->query_form( state => $state, email => $email ); return $uri; }; diff --git a/extensions/InlineHistory/Extension.pm b/extensions/InlineHistory/Extension.pm index fb4a8f98f..adbfa4c74 100644 --- a/extensions/InlineHistory/Extension.pm +++ b/extensions/InlineHistory/Extension.pm @@ -16,7 +16,7 @@ use base qw(Bugzilla::Extension); use Bugzilla::User::Setting; use Bugzilla::Constants; use Bugzilla::Attachment; -use Bugzilla::Util 'correct_urlbase'; +use Bugzilla::Util (); our $VERSION = '1.5'; @@ -132,7 +132,7 @@ sub template_before_process { # split see-also if ($change->{fieldname} eq 'see_also') { - my $url_base = correct_urlbase(); + my $url_base = Bugzilla->localconfig->{urlbase}; foreach my $f (qw( added removed )) { my @values; foreach my $value (split(/, /, $change->{$f})) { diff --git a/extensions/Persona/lib/Login.pm b/extensions/Persona/lib/Login.pm index b9ba97a7e..9a5e3a5b7 100644 --- a/extensions/Persona/lib/Login.pm +++ b/extensions/Persona/lib/Login.pm @@ -43,7 +43,7 @@ sub get_login_info { $cgi->delete('token'); check_hash_token($token, ['login']); - my $urlbase = new URI(correct_urlbase()); + my $urlbase = new URI(Bugzilla->localconfig->{urlbase}); my $audience = $urlbase->scheme . "://" . $urlbase->host_port; my $ua = new LWP::UserAgent( timeout => 10 ); diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm index 738077880..0ff2d46f9 100644 --- a/extensions/PhabBugz/lib/WebService.pm +++ b/extensions/PhabBugz/lib/WebService.pm @@ -20,7 +20,7 @@ use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Extension::Push::Util qw(is_public); use Bugzilla::User; -use Bugzilla::Util qw(correct_urlbase detaint_natural); +use Bugzilla::Util qw(detaint_natural); use Bugzilla::WebService::Constants; use Bugzilla::Extension::PhabBugz::Constants; @@ -111,7 +111,7 @@ sub revision { return { result => $result, attachment_id => $attachment->id, - attachment_link => correct_urlbase() . "attachment.cgi?id=" . $attachment->id + attachment_link => Bugzilla->localconfig->{urlbase} . "attachment.cgi?id=" . $attachment->id }; } diff --git a/extensions/Push/lib/Connector.disabled/AMQP.pm b/extensions/Push/lib/Connector.disabled/AMQP.pm index f712ee890..1ba365e21 100644 --- a/extensions/Push/lib/Connector.disabled/AMQP.pm +++ b/extensions/Push/lib/Connector.disabled/AMQP.pm @@ -27,7 +27,7 @@ sub init { if ($self->config->{queue}) { $self->{queue_name} = $self->config->{queue}; } else { - my $queue_name = Bugzilla->params->{'urlbase'}; + my $queue_name = Bugzilla->localconfig->{'urlbase'}; $queue_name =~ s#^https?://##; $queue_name =~ s#/$#|#; $queue_name .= generate_random_password(16); diff --git a/extensions/Push/lib/Connector.disabled/ServiceNow.pm b/extensions/Push/lib/Connector.disabled/ServiceNow.pm index a6d84cbe0..d0ebdcf10 100644 --- a/extensions/Push/lib/Connector.disabled/ServiceNow.pm +++ b/extensions/Push/lib/Connector.disabled/ServiceNow.pm @@ -241,7 +241,7 @@ sub send { $request->content(to_json($data)); $request->authorization_basic($self->config->{service_now_user}, $self->config->{service_now_pass}); - $self->{lwp} ||= LWP::UserAgent->new(agent => Bugzilla->params->{urlbase}); + $self->{lwp} ||= LWP::UserAgent->new(agent => Bugzilla->localconfig->{urlbase}); my $result = $self->{lwp}->request($request); # http level errors diff --git a/extensions/Push/lib/Connector/Spark.pm b/extensions/Push/lib/Connector/Spark.pm index 3194bd3ab..e58ddfbe4 100644 --- a/extensions/Push/lib/Connector/Spark.pm +++ b/extensions/Push/lib/Connector/Spark.pm @@ -18,7 +18,7 @@ use Bugzilla::Extension::Push::Constants; use Bugzilla::Extension::Push::Util; use Bugzilla::Bug; use Bugzilla::Attachment; -use Bugzilla::Util qw(correct_urlbase); +use Bugzilla::Util (); use JSON qw(decode_json encode_json); use LWP::UserAgent; @@ -108,7 +108,7 @@ sub send { } } } - $text .= correct_urlbase() . "show_bug.cgi?id=" . $bug->id; + $text .= Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=" . $bug->id; my $room_id = $self->config->{spark_room_id}; my $message_uri = $self->_spark_uri('messages'); diff --git a/extensions/SecureMail/Extension.pm b/extensions/SecureMail/Extension.pm index 0219ac3ba..d684b5a39 100644 --- a/extensions/SecureMail/Extension.pm +++ b/extensions/SecureMail/Extension.pm @@ -32,7 +32,7 @@ use Bugzilla::Comment; use Bugzilla::Group; use Bugzilla::Object; use Bugzilla::User; -use Bugzilla::Util qw(correct_urlbase trim trick_taint is_7bit_clean); +use Bugzilla::Util qw(trim trick_taint is_7bit_clean); use Bugzilla::Error; use Bugzilla::Mailer; @@ -568,7 +568,7 @@ sub _make_secure { my $message; my $email_type = $email->header('X-Bugzilla-Type'); my $vars = { - 'urlbase' => correct_urlbase(), + 'urlbase' => Bugzilla->localconfig->{urlbase}, 'bug_id' => $bug_id, 'maintainer' => Bugzilla->params->{'maintainer'}, 'email_type' => $email_type @@ -622,7 +622,7 @@ sub _pgp_encrypt { Data => $encrypted, Object => 'MESSAGE', Headers => { - Comment => correct_urlbase() . ($bug_id ? 'show_bug.cgi?id=' . $bug_id : ''), + Comment => Bugzilla->localconfig->{urlbase} . ($bug_id ? 'show_bug.cgi?id=' . $bug_id : ''), }, ); # until Crypt::OpenPGP makes the Version header optional we have to strip diff --git a/extensions/SiteMapIndex/Extension.pm b/extensions/SiteMapIndex/Extension.pm index a3f093485..3d4342e0e 100644 --- a/extensions/SiteMapIndex/Extension.pm +++ b/extensions/SiteMapIndex/Extension.pm @@ -31,7 +31,7 @@ use base qw(Bugzilla::Extension); our $VERSION = '1.0'; use Bugzilla::Constants qw(bz_locations ON_WINDOWS); -use Bugzilla::Util qw(correct_urlbase get_text); +use Bugzilla::Util qw(get_text); use Bugzilla::Install::Filesystem; use Bugzilla::Extension::SiteMapIndex::Constants; @@ -80,7 +80,7 @@ sub page_before_template { sub install_before_final_checks { my ($self) = @_; - if (!correct_urlbase()) { + if (!Bugzilla->localconfig->{urlbase}) { print STDERR get_text('sitemap_no_urlbase'), "\n"; return; } @@ -89,7 +89,7 @@ sub install_before_final_checks { return; } - return if (correct_urlbase() ne 'https://bugzilla.mozilla.org/'); + return if (Bugzilla->localconfig->{urlbase} ne 'https://bugzilla.mozilla.org/'); } sub install_filesystem { @@ -126,7 +126,7 @@ EOT sub before_robots_txt { my ($self, $args) = @_; - $args->{vars}{SITEMAP_URL} = correct_urlbase() . SITEMAP_URL; + $args->{vars}{SITEMAP_URL} = Bugzilla->localconfig->{urlbase} . SITEMAP_URL; } __PACKAGE__->NAME; diff --git a/extensions/SiteMapIndex/lib/Util.pm b/extensions/SiteMapIndex/lib/Util.pm index 3548e5af5..4519461b4 100644 --- a/extensions/SiteMapIndex/lib/Util.pm +++ b/extensions/SiteMapIndex/lib/Util.pm @@ -34,7 +34,7 @@ our @EXPORT = qw( use Bugzilla::Extension::SiteMapIndex::Constants; -use Bugzilla::Util qw(correct_urlbase datetime_from url_quote); +use Bugzilla::Util qw(datetime_from url_quote); use Bugzilla::Constants qw(bz_locations); use Scalar::Util qw(blessed); @@ -144,7 +144,7 @@ END foreach my $filename (@$filelist) { $index_xml .= " <sitemap> - <loc>" . correct_urlbase() . "data/$extension_name/$filename</loc> + <loc>" . Bugzilla->localconfig->{urlbase} . "data/$extension_name/$filename</loc> <lastmod>$timestamp</lastmod> </sitemap> "; @@ -166,8 +166,8 @@ END sub _generate_sitemap_file { my ($extension_name, $filecount, $products, $bugs) = @_; - my $bug_url = correct_urlbase() . 'show_bug.cgi?id='; - my $product_url = correct_urlbase() . 'describecomponents.cgi?product='; + my $bug_url = Bugzilla->localconfig->{urlbase} . 'show_bug.cgi?id='; + my $product_url = Bugzilla->localconfig->{urlbase} . 'describecomponents.cgi?product='; my $sitemap_xml = <<END; <?xml version="1.0" encoding="UTF-8"?> diff --git a/extensions/Splinter/lib/Util.pm b/extensions/Splinter/lib/Util.pm index d85b0532b..c85bb9b3b 100644 --- a/extensions/Splinter/lib/Util.pm +++ b/extensions/Splinter/lib/Util.pm @@ -88,7 +88,7 @@ sub attachment_id_is_patch { sub get_review_base { my $base = Bugzilla->params->{'splinter_base'}; $base =~ s!/$!!; - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; $urlbase =~ s!/$!! if $base =~ "^/"; $base = $urlbase . $base; return $base; diff --git a/github.cgi b/github.cgi index 703617b32..acb02d466 100755 --- a/github.cgi +++ b/github.cgi @@ -13,7 +13,7 @@ use warnings; use lib qw(. lib local/lib/perl5); use Bugzilla; -use Bugzilla::Util qw( correct_urlbase ); +use Bugzilla::Util (); use Bugzilla::Error; use Bugzilla::Constants; use Bugzilla::Token qw( issue_short_lived_session_token @@ -26,7 +26,7 @@ BEGIN { Bugzilla->extensions } use Bugzilla::Extension::GitHubAuth::Client; my $cgi = Bugzilla->cgi; -my $urlbase = correct_urlbase(); +my $urlbase = Bugzilla->localconfig->{urlbase}; if (lc($cgi->request_method) eq 'post') { # POST requests come from Bugzilla itself and begin the GitHub login process diff --git a/httpd/httpd.conf b/httpd/httpd.conf index 8d0dad36d..a664ebb16 100644 --- a/httpd/httpd.conf +++ b/httpd/httpd.conf @@ -68,6 +68,9 @@ DocumentRoot "/app" <IfDefine HTTPD_IN_SUBDIR> Alias "/bmo" "/app" </IfDefine> +<IfDefine HTTPS> + SetEnv HTTPS on +</IfDefine> <Directory "/app"> Options -Indexes -FollowSymLinks AllowOverride None diff --git a/importxml.pl b/importxml.pl index 0de32ee62..23609f2b3 100755 --- a/importxml.pl +++ b/importxml.pl @@ -1214,7 +1214,7 @@ sub process_bug { $log .= "Bug ${urlbase}show_bug.cgi?id=$bug_fields{'bug_id'} "; $log .= "imported as bug $id.\n"; - $log .= $params->{"urlbase"} . "show_bug.cgi?id=$id\n\n"; + $log .= Bugziilla->localconfig->{"urlbase"} . "show_bug.cgi?id=$id\n\n"; if ($err) { $log .= "The following problems were encountered while creating bug $id.\n"; $log .= $err; @@ -1274,7 +1274,7 @@ my $urlbase = $root->{'att'}->{'urlbase'}; my $log = join("\n\n", @logs); $log .= "\n\nImported $bugtotal bug(s) from $urlbase,\n sent by $exporter.\n"; my $subject = "$bugtotal Bug(s) successfully moved from $urlbase to " - . $params->{"urlbase"}; + . Bugzilla->localconfig->{"urlbase"}; my @to = ($exporter, $maintainer); MailMessage( $subject, $log, @to ); @@ -75,7 +75,7 @@ else { if ($user_id && $user->in_group('admin')) { # If 'urlbase' is not set, display the Welcome page. - unless (Bugzilla->params->{'urlbase'}) { + unless (Bugzilla->localconfig->{'urlbase'}) { $template->process('welcome-admin.html.tmpl') or ThrowTemplateError($template->error()); exit; diff --git a/new_bug.cgi b/new_bug.cgi index 0949f3696..23b55e325 100644 --- a/new_bug.cgi +++ b/new_bug.cgi @@ -121,7 +121,7 @@ if (lc($cgi->request_method) eq 'post') { push(@all_mail_results, $ref_sent); } - print $cgi->redirect(correct_urlbase() . 'show_bug.cgi?id='.$new_bug->bug_id); + print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'show_bug.cgi?id='.$new_bug->bug_id); } else { print $cgi->header(); $template->process("bug/new_bug.html.tmpl", diff --git a/post_bug.cgi b/post_bug.cgi index 6ea09e37f..e9a3ed1de 100755 --- a/post_bug.cgi +++ b/post_bug.cgi @@ -43,7 +43,7 @@ my $vars = {}; # redirect to enter_bug if no field is passed. unless ($cgi->param()) { - print $cgi->redirect(correct_urlbase() . 'enter_bug.cgi'); + print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'enter_bug.cgi'); exit; } diff --git a/qa/config/checksetup_answers.txt b/qa/config/checksetup_answers.txt index f9fb6ea60..79d9cb90c 100644 --- a/qa/config/checksetup_answers.txt +++ b/qa/config/checksetup_answers.txt @@ -22,6 +22,5 @@ $answer{'db_user'} = 'bugs'; $answer{'diffpath'} = '/usr/bin'; $answer{'index_html'} = 0; $answer{'interdiffbin'} = '/usr/bin/interdiff'; -$answer{'urlbase'} = 'http://localhost/bmo/'; $answer{'use_suexec'} = ''; $answer{'webservergroup'} = '%USER%'; diff --git a/qa/config/generate_test_data.pl b/qa/config/generate_test_data.pl index 333bffa26..6bd9dd355 100644 --- a/qa/config/generate_test_data.pl +++ b/qa/config/generate_test_data.pl @@ -67,17 +67,6 @@ Bugzilla->usage_mode(USAGE_MODE_CMDLINE); # Set Parameters ########################################################################## -# Some parameters must be turned on to create bugs requiring them. -# They are also expected to be turned on by some webservice_*.t scripts. -my ($urlbase, $sslbase); -$urlbase = $config->{browser_url} . '/' . $config->{bugzilla_installation}; -$urlbase .= '/' unless $urlbase =~ /\/$/; - -if ($urlbase =~ /^https/) { - $sslbase = $urlbase; - $urlbase =~ s/^https(.+)$/http$1/; -} - # Create missing priorities # BMO uses P1-P5 which is different from upstream my $field = Bugzilla::Field->new({ name => 'priority' }); @@ -98,8 +87,6 @@ foreach my $value (qw(PC)) { } my %set_params = ( - urlbase => $urlbase, - sslbase => $sslbase, usebugaliases => 1, useqacontact => 1, mail_delivery_method => 'Test', diff --git a/qa/t/lib/QA/Util.pm b/qa/t/lib/QA/Util.pm index 0ef843ce7..f80837c0e 100644 --- a/qa/t/lib/QA/Util.pm +++ b/qa/t/lib/QA/Util.pm @@ -357,8 +357,8 @@ sub set_parameters { go_to_admin($sel); $sel->click_ok("link=Parameters", undef, "Go to the Config Parameters page"); $sel->wait_for_page_to_load(WAIT_TIME); - $sel->title_is("Configuration: Required Settings"); - my $last_section = "Required Settings"; + $sel->title_is("Configuration: General"); + my $last_section = "General"; foreach my $section (keys %$params) { if ($section ne $last_section) { diff --git a/qa/t/test_security.t b/qa/t/test_security.t index 56fba4b01..757c33d06 100644 --- a/qa/t/test_security.t +++ b/qa/t/test_security.t @@ -35,8 +35,7 @@ my $bug1_id = create_bug($sel, $bug_summary); # No alternate host for attachments; cookies will be accessible. -set_parameters($sel, { "Attachments" => {"allow_attachment_display-on" => undef, - "reset-attachment_base" => undef} }); +set_parameters($sel, { "Attachments" => {"allow_attachment_display-on" => undef } }); go_to_bug($sel, $bug1_id); $sel->click_ok("link=simple patch, v1"); @@ -51,24 +50,22 @@ $sel->go_back_ok(); $sel->wait_for_page_to_load_ok(WAIT_TIME); $sel->title_like(qr/^$bug1_id /); -# Alternate host for attachments; no cookie should be accessible. - -set_parameters($sel, { "Attachments" => {"attachment_base" => {type => "text", - value => "$config->{browser_ip_url}/$urlbase/"}} }); -go_to_bug($sel, $bug1_id); -$sel->click_ok("link=simple patch, v1"); -$sel->wait_for_page_to_load_ok(WAIT_TIME); -$sel->title_is(""); -@cookies = split(/[\s;]+/, $sel->get_cookie()); -$nb_cookies = scalar @cookies; -ok(!$nb_cookies, "No cookies found"); -ok(!$sel->is_cookie_present("Bugzilla_login"), "Bugzilla_login not accessible"); -ok(!$sel->is_cookie_present("Bugzilla_logincookie"), "Bugzilla_logincookie not accessible"); -$sel->go_back_ok(); -$sel->wait_for_page_to_load_ok(WAIT_TIME); -$sel->title_like(qr/^$bug1_id /); - -set_parameters($sel, { "Attachments" => {"reset-attachment_base" => undef} }); +# # Alternate host for attachments; no cookie should be accessible. + +# set_parameters($sel, { "Attachments" => {"attachment_base" => {type => "text", +# value => "$config->{browser_ip_url}/$urlbase/"}} }); +# go_to_bug($sel, $bug1_id); +# $sel->click_ok("link=simple patch, v1"); +# $sel->wait_for_page_to_load_ok(WAIT_TIME); +# $sel->title_is(""); +# @cookies = split(/[\s;]+/, $sel->get_cookie()); +# $nb_cookies = scalar @cookies; +# ok(!$nb_cookies, "No cookies found"); +# ok(!$sel->is_cookie_present("Bugzilla_login"), "Bugzilla_login not accessible"); +# ok(!$sel->is_cookie_present("Bugzilla_logincookie"), "Bugzilla_logincookie not accessible"); +# $sel->go_back_ok(); +# $sel->wait_for_page_to_load_ok(WAIT_TIME); +# $sel->title_like(qr/^$bug1_id /); ####################################################################### # Security bug 472362. diff --git a/qa/t/test_shutdown.t b/qa/t/test_shutdown.t index 922307207..dc5cabd4a 100644 --- a/qa/t/test_shutdown.t +++ b/qa/t/test_shutdown.t @@ -58,9 +58,6 @@ $sel->type_ok("Bugzilla_login", $config->{admin_user_login}, "Enter admin login $sel->type_ok("Bugzilla_password", $config->{admin_user_passwd}, "Enter admin password"); $sel->click_ok("log_in"); $sel->wait_for_page_to_load_ok(WAIT_TIME); -$sel->title_is("Configuration: Required Settings"); -$sel->click_ok("link=General"); -$sel->wait_for_page_to_load_ok(WAIT_TIME); $sel->title_is("Configuration: General"); $sel->type_ok("shutdownhtml", ""); $sel->click_ok('//input[@type="submit" and @value="Save Changes"]', undef, "Save Changes"); diff --git a/relogin.cgi b/relogin.cgi index e1e1a897e..4202fba0c 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -31,7 +31,7 @@ my $target; if (!$action) { # redirect to index.cgi if no action is defined. - print $cgi->redirect(correct_urlbase() . 'index.cgi'); + print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'index.cgi'); exit; } # prepare-sudo: Display the sudo information & login page diff --git a/robots.cgi b/robots.cgi new file mode 100755 index 000000000..d9c30979e --- /dev/null +++ b/robots.cgi @@ -0,0 +1,31 @@ +#!/usr/bin/perl -T +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# This Source Code Form is "Incompatible With Secondary Licenses", as +# defined by the Mozilla Public License, v. 2.0. + +use 5.10.1; +use strict; +use warnings; + +use lib qw(. lib local/lib/perl5); + +use Bugzilla; +use Bugzilla::Constants; +use Bugzilla::Error; +use Bugzilla::Update; +use Digest::MD5 qw(md5_hex); +use List::MoreUtils qw(any); + +# Check whether or not the user is logged in +my $user = Bugzilla->login(LOGIN_OPTIONAL); +my $cgi = Bugzilla->cgi; +my $template = Bugzilla->template; + +my %vars; +print $cgi->header('text/plain'); +Bugzilla::Hook::process( "before_robots_txt", { vars => \%vars } ); +$template->process( "robots.txt.tmpl", \%vars ) + or ThrowTemplateError( $template->error() ); diff --git a/scripts/addcustomfield.pl b/scripts/addcustomfield.pl index a9bd2bcb3..b5ee0cd43 100755 --- a/scripts/addcustomfield.pl +++ b/scripts/addcustomfield.pl @@ -62,5 +62,5 @@ Bugzilla::Field->create({ }); print "Done!\n"; -my $urlbase = Bugzilla->params->{urlbase}; +my $urlbase = Bugzilla->localconfig->{urlbase}; print "Please visit ${urlbase}editfields.cgi?action=edit&name=$name to finish setting up this field.\n"; diff --git a/scripts/entrypoint.pl b/scripts/entrypoint.pl index 02d414c64..dba64afbc 100755 --- a/scripts/entrypoint.pl +++ b/scripts/entrypoint.pl @@ -3,23 +3,30 @@ use 5.10.1; use strict; use warnings; use lib qw(/app /app/local/lib/perl5); +use autodie qw(:all); use Bugzilla::Install::Localconfig (); use Bugzilla::Install::Util qw(install_string); use Bugzilla::Test::Util qw(create_user); + use DBI; use Data::Dumper; -use English qw($EUID); +use English qw(-no_match_vars $EUID); use File::Copy::Recursive qw(dircopy); use Getopt::Long qw(:config gnu_getopt); +use IO::Async::Loop; +use IO::Async::Process; +use IO::Async::Signal; +use IO::Async::Timer::Periodic; use LWP::Simple qw(get); use POSIX qw(WEXITSTATUS setsid); +use Sys::Hostname; use User::pwent; -use IO::Async::Loop; -use IO::Async::Process; -use IO::Async::Timer::Periodic; -use IO::Async::Signal; +BEGIN { + STDOUT->autoflush(1); + STDERR->autoflush(1); +} use constant CI => $ENV{CI}; @@ -41,7 +48,13 @@ check_env(qw( BMO_db_pass BMO_memcached_namespace BMO_memcached_servers -)) unless $cmd eq 'shell'; + BMO_urlbase +)); + +if ( $ENV{BMO_urlbase} eq 'AUTOMATIC' ) { + $ENV{BMO_urlbase} = sprintf 'http://%s:%d/%s', hostname(), $ENV{PORT}, $ENV{BZ_QA_LEGACY_MODE} ? 'bmo/' : ''; + $ENV{BZ_BASE_URL} = sprintf 'http://%s:%d', hostname(), $ENV{PORT}; +} $func->($opts->()); @@ -64,13 +77,24 @@ sub cmd_demo { sub cmd_httpd { check_data_dir(); wait_for_db(); - run( '/usr/sbin/httpd', '-DFOREGROUND', '-f', '/app/httpd/httpd.conf' ); + check_httpd_env(); + my @httpd_args = ( + '-DFOREGROUND', + '-f' => '/app/httpd/httpd.conf', + ); + + # If we're behind a proxy and the urlbase says https, we must be using https. + # * basically means "I trust the load balancer" anyway. + if ($ENV{BMO_inbound_proxies} eq '*' && $ENV{BMO_urlbase} =~ /^https/) { + unshift @httpd_args, '-DHTTPS'; + } + run( '/usr/sbin/httpd', @httpd_args ); } sub cmd_load_test_data { wait_for_db(); - die "BZ_QA_ANSWERS_FILE is not set" unless $ENV{BZ_QA_ANSWERS_FILE}; + die 'BZ_QA_ANSWERS_FILE is not set' unless $ENV{BZ_QA_ANSWERS_FILE}; run( 'perl', 'checksetup.pl', '--no-template', $ENV{BZ_QA_ANSWERS_FILE} ); if ($ENV{BZ_QA_LEGACY_MODE}) { @@ -118,7 +142,7 @@ sub cmd_test_webservices { prove_cmd => [ 'prove', '-qf', '-I/app', '-I/app/local/lib/perl5', - sub { glob('webservice_*.t') }, + sub { glob 'webservice_*.t' }, ], prove_dir => '/app/qa/t', ); @@ -141,23 +165,27 @@ sub cmd_test_selenium { prove_cmd => [ 'prove', '-qf', '-Ilib', '-I/app', '-I/app/local/lib/perl5', - sub { glob('test_*.t') } + sub { glob 'test_*.t' } ], prove_dir => '/app/qa/t', ); } sub cmd_shell { run( 'bash', '-l' ); } -sub cmd_prove { run( "prove", "-I/app", "-I/app/local/lib/perl5", @_ ); } +sub cmd_prove { + my (@args) = @_; + run( 'prove', '-I/app', '-I/app/local/lib/perl5', @args ); +} sub cmd_version { run( 'cat', '/app/version.json' ); } sub cmd_test_bmo { + my (@prove_args) = @_; check_data_dir(); wait_for_db(); $ENV{BZ_TEST_NEWBIE} = 'newbie@mozilla.example'; $ENV{BZ_TEST_NEWBIE_PASS} = 'captain.space.bagel.ROBOT!'; - create_user($ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}, realname => "Newbie User"); + create_user($ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}, realname => 'Newbie User'); $ENV{BZ_TEST_NEWBIE2} = 'newbie2@mozilla.example'; $ENV{BZ_TEST_NEWBIE2_PASS} = 'captain.space.pants.time.lord'; @@ -165,15 +193,17 @@ sub cmd_test_bmo { prove_with_httpd( httpd_url => $ENV{BZ_BASE_URL}, httpd_cmd => [ '/usr/sbin/httpd', '-f', '/app/httpd/httpd.conf', '-DFOREGROUND' ], - prove_cmd => [ "prove", "-I/app", "-I/app/local/lib/perl5", @_ ], + prove_cmd => [ 'prove', '-I/app', '-I/app/local/lib/perl5', @prove_args ], ); } sub prove_with_httpd { my (%param) = @_; - unless (-d "/app/logs") { - mkdir("/app/logs") or die "unable to mkdir(/app/logs): $!\n"; + check_httpd_env(); + + unless (-d '/app/logs') { + mkdir '/app/logs' or die "unable to mkdir(/app/logs): $!\n"; } my $httpd_cmd = $param{httpd_cmd}; @@ -182,15 +212,15 @@ sub prove_with_httpd { my $loop = IO::Async::Loop->new; my $httpd_exit_f = $loop->new_future; - warn "starting httpd\n"; + say 'starting httpd'; my $httpd = IO::Async::Process->new( code => sub { setsid(); - exec(@$httpd_cmd); + exec @$httpd_cmd; }, setup => [ - stdout => ["open", ">", "/app/logs/access.log"], - stderr => ["open", ">", "/app/logs/error.log"], + stdout => ['open', '>', '/app/logs/access.log'], + stderr => ['open', '>', '/app/logs/error.log'], ], on_finish => on_finish($httpd_exit_f), on_exception => on_exception('httpd', $httpd_exit_f), @@ -203,10 +233,10 @@ sub prove_with_httpd { my $prove_exit_f = $loop->new_future; my $prove = IO::Async::Process->new( code => sub { - chdir($param{prove_dir}) if $param{prove_dir}; + chdir $param{prove_dir} if $param{prove_dir}; my @cmd = (map { ref $_ eq 'CODE' ? $_->() : $_ } @$prove_cmd); warn "run @cmd\n"; - exec(@cmd); + exec @cmd; }, on_finish => on_finish($prove_exit_f), on_exception => on_exception('prove', $prove_exit_f), @@ -236,7 +266,7 @@ sub wait_for_httpd { my ($timer) = @_; if ( $process->is_running ) { my $resp = get("$url/__lbheartbeat__"); - if ($resp && $resp =~ /^httpd OK$/) { + if ($resp && $resp =~ /^httpd OK/) { $timer->stop; $is_running_f->done($resp); } @@ -244,7 +274,7 @@ sub wait_for_httpd { } elsif ( $process->is_exited ) { $timer->stop; - $is_running_f->fail("httpd process exited early"); + $is_running_f->fail('httpd process exited early'); } elsif ( $ticks++ > 60 ) { $timer->stop; @@ -258,7 +288,7 @@ sub wait_for_httpd { } sub copy_qa_extension { - say "copying the QA extension..."; + say 'copying the QA extension...'; dircopy('/app/qa/extensions/QA', '/app/extensions/QA'); } @@ -271,7 +301,7 @@ sub wait_for_db { my $dsn = "dbi:mysql:database=$c->{db_name};host=$c->{db_host}"; my $dbh; foreach (1..12) { - say "checking database..." if $_ > 1; + say 'checking database...' if $_ > 1; $dbh = DBI->connect( $dsn, $c->{db_user}, @@ -280,7 +310,7 @@ sub wait_for_db { ); last if $dbh; say "database $dsn not available, waiting..."; - sleep(10); + sleep 10; } die "unable to connect to $dsn as $c->{db_user}\n" unless $dbh; } @@ -306,28 +336,39 @@ sub on_finish { my ($f) = @_; return sub { my ($self, $exitcode) = @_; + say "exit code: $exitcode"; $f->done(WEXITSTATUS($exitcode)); }; } sub check_user { - die "Effective UID must be 10001!" unless $EUID == 10001; + die 'Effective UID must be 10001!' unless $EUID == 10_001; my $user = getpwuid($EUID)->name; die "Name of EUID must be app, not $user" unless $user eq 'app'; } sub check_data_dir { - die "/app/data must be writable by user 'app' (id: $EUID)" unless -w "/app/data"; - die "/app/data/params must exist" unless -f "/app/data/params"; + die "/app/data must be writable by user 'app' (id: $EUID)" unless -w '/app/data'; + die '/app/data/params must exist' unless -f '/app/data/params'; } sub check_env { my (@require_env) = @_; my @missing_env = grep { not exists $ENV{$_} } @require_env; if (@missing_env) { - die "Missing required environmental variables: ", join(", ", @missing_env), "\n"; + die 'Missing required environmental variables: ', join(', ', @missing_env), "\n"; } } +sub check_httpd_env { + check_env(qw( + HTTPD_StartServers + HTTPD_MinSpareServers + HTTPD_MaxSpareServers + HTTPD_ServerLimit + HTTPD_MaxClients + HTTPD_MaxRequestsPerChild + )) +} sub fix_path { $ENV{PATH} = "/app/local/bin:$ENV{PATH}"; @@ -336,7 +377,7 @@ sub fix_path { sub run { my (@cmd) = @_; say "+ @cmd"; - my $rv = system(@cmd); + my $rv = system @cmd; if ($rv != 0) { exit 1; } diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 95b64cf51..c99d45394 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -116,7 +116,7 @@ chmod Bugzilla::Install::Filesystem::CGI_WRITE, $filename or warn install_string('chmod_failed', { path => $filename, error => $! }); -my $urlbase = correct_urlbase(); +my $urlbase = Bugzilla->localconfig->{urlbase}; print $fh "digraph G {"; print $fh qq( @@ -245,9 +245,7 @@ if ($bug_count > MAX_WEBDOT_BUGS) { my $webdotbase = Bugzilla->params->{'webdotbase'}; if ($webdotbase =~ /^https?:/) { - # Remote dot server. We don't hardcode 'urlbase' here in case - # 'sslbase' is in use. - $webdotbase =~ s/%([a-z]*)%/Bugzilla->params->{$1}/eg; + $webdotbase =~ s/%(?:sslbase|urlbase)%/Bugzilla->localconfig->{urlbase}/eg; my $url = $webdotbase . $filename; $vars->{'image_url'} = $url . ".gif"; $vars->{'map_url'} = $url . ".map"; diff --git a/t/.perlcritic-history b/t/.perlcritic-history index 8d21a03b6..fc5e3d6eb 100644 --- a/t/.perlcritic-history +++ b/t/.perlcritic-history @@ -1,12 +1,11 @@ $VAR1 = [ { - 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitNoisyQuotes' => 29, 'Perl::Critic::Policy::Modules::RequireFilenameMatchesPackage' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitLongChainsOfMethodCalls' => 0, 'Perl::Critic::Policy::BuiltinFunctions::ProhibitComplexMappings' => 0, 'Perl::Critic::Policy::ControlStructures::ProhibitLabelsWithSpecialBlockNames' => 0, 'Perl::Critic::Policy::CodeLayout::ProhibitTrailingWhitespace' => 0, - 'Perl::Critic::Policy::Variables::ProhibitUnusedVariables' => 0, + 'Perl::Critic::Policy::Variables::ProhibitUnusedVariables' => 1, 'Perl::Critic::Policy::Documentation::RequirePackageMatchesPodName' => 0, 'Perl::Critic::Policy::BuiltinFunctions::ProhibitUniversalCan' => 0, 'Perl::Critic::Policy::InputOutput::ProhibitJoinedReadline' => 0, @@ -30,7 +29,7 @@ $VAR1 = [ 'Perl::Critic::Policy::InputOutput::ProhibitOneArgSelect' => 0, 'Perl::Critic::Policy::RegularExpressions::ProhibitSingleCharAlternation' => 16, 'Perl::Critic::Policy::Freenode::ModPerl' => 0, - 'Perl::Critic::Policy::TestingAndDebugging::ProhibitNoWarnings' => 1, + 'Perl::Critic::Policy::TestingAndDebugging::ProhibitNoWarnings' => 0, 'Perl::Critic::Policy::Freenode::IndirectObjectNotation' => 0, 'Perl::Critic::Policy::Subroutines::ProhibitAmpersandSigils' => 0, 'Perl::Critic::Policy::ControlStructures::ProhibitUnreachableCode' => 0, @@ -48,12 +47,10 @@ $VAR1 = [ 'Perl::Critic::Policy::CodeLayout::ProhibitQuotedWordLists' => 0, 'Perl::Critic::Policy::NamingConventions::ProhibitAmbiguousNames' => 0, 'Perl::Critic::Policy::Variables::ProhibitConditionalDeclarations' => 0, - 'Perl::Critic::Policy::InputOutput::ProhibitExplicitStdin' => 1, - 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitInterpolationOfLiterals' => 272, + 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitInterpolationOfLiterals' => 255, 'Perl::Critic::Policy::Freenode::Wantarray' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitMismatchedOperators' => 0, - 'Perl::Critic::Policy::InputOutput::RequireBracedFileHandleWithPrint' => 15, - 'Perl::Critic::Policy::CodeLayout::RequireTidyCode' => 50, + 'Perl::Critic::Policy::InputOutput::RequireBracedFileHandleWithPrint' => 14, 'Perl::Critic::Policy::Subroutines::ProhibitBuiltinHomonyms' => 0, 'Perl::Critic::Policy::Modules::RequireExplicitPackage' => 0, 'Perl::Critic::Policy::CodeLayout::ProhibitHardTabs' => 0, @@ -61,19 +58,18 @@ $VAR1 = [ 'Perl::Critic::Policy::Freenode::OverloadOptions' => 0, 'Perl::Critic::Policy::TestingAndDebugging::ProhibitProlongedStrictureOverride' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitLeadingZeros' => 0, - 'Perl::Critic::Policy::CodeLayout::RequireTrailingCommas' => 3, + 'Perl::Critic::Policy::CodeLayout::RequireTrailingCommas' => 2, 'Perl::Critic::Policy::Miscellanea::ProhibitUnrestrictedNoCritic' => 0, 'Perl::Critic::Policy::BuiltinFunctions::ProhibitSleepViaSelect' => 0, 'Perl::Critic::Policy::RegularExpressions::ProhibitEscapedMetacharacters' => 3, 'Perl::Critic::Policy::NamingConventions::Capitalization' => 0, - 'Perl::Critic::Policy::Modules::RequireNoMatchVarsWithUseEnglish' => 1, - 'Perl::Critic::Policy::RegularExpressions::RequireLineBoundaryMatching' => 37, - 'Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer' => 1, + 'Perl::Critic::Policy::Modules::RequireNoMatchVarsWithUseEnglish' => 0, + 'Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer' => 0, 'Perl::Critic::Policy::BuiltinFunctions::ProhibitVoidGrep' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::RequireUpperCaseHeredocTerminator' => 0, 'Perl::Critic::Policy::Miscellanea::ProhibitFormats' => 0, 'Perl::Critic::Policy::Variables::RequireInitializationForLocalVars' => 0, - 'Perl::Critic::Policy::CodeLayout::ProhibitParensWithBuiltins' => 83, + 'Perl::Critic::Policy::CodeLayout::ProhibitParensWithBuiltins' => 76, 'Perl::Critic::Policy::RegularExpressions::ProhibitEnumeratedClasses' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitCommaSeparatedStatements' => 0, 'Perl::Critic::Policy::BuiltinFunctions::RequireBlockGrep' => 4, @@ -81,7 +77,7 @@ $VAR1 = [ 'Perl::Critic::Policy::Modules::RequireEndWithOne' => 0, 'Perl::Critic::Policy::InputOutput::ProhibitTwoArgOpen' => 2, 'Perl::Critic::Policy::ValuesAndExpressions::RequireConstantVersion' => 0, - 'Perl::Critic::Policy::InputOutput::RequireCheckedSyscalls' => 168, + 'Perl::Critic::Policy::InputOutput::RequireCheckedSyscalls' => 3, 'Perl::Critic::Policy::ValuesAndExpressions::RequireInterpolationOfMetachars' => 0, 'Perl::Critic::Policy::TestingAndDebugging::RequireUseStrict' => 0, 'Perl::Critic::Policy::ControlStructures::ProhibitUntilBlocks' => 0, @@ -96,14 +92,14 @@ $VAR1 = [ 'Perl::Critic::Policy::Freenode::WarningsSwitch' => 19, 'Perl::Critic::Policy::RegularExpressions::ProhibitCaptureWithoutTest' => 0, 'Perl::Critic::Policy::Variables::ProhibitPunctuationVars' => 14, - 'Perl::Critic::Policy::RegularExpressions::ProhibitFixedStringMatches' => 2, + 'Perl::Critic::Policy::RegularExpressions::ProhibitFixedStringMatches' => 1, 'Perl::Critic::Policy::ClassHierarchies::ProhibitOneArgBless' => 0, 'Perl::Critic::Policy::BuiltinFunctions::RequireSimpleSortBlock' => 0, 'Perl::Critic::Policy::InputOutput::RequireCheckedOpen' => 0, 'Perl::Critic::Policy::RegularExpressions::ProhibitUnusualDelimiters' => 1, 'Perl::Critic::Policy::RegularExpressions::ProhibitUselessTopic' => 0, + 'Perl::Critic::Policy::ValuesAndExpressions::RequireNumberSeparators' => 0, 'Perl::Critic::Policy::Variables::ProhibitAugmentedAssignmentInDeclaration' => 1, - 'Perl::Critic::Policy::ValuesAndExpressions::RequireNumberSeparators' => 1, 'Perl::Critic::Policy::Freenode::DiscouragedModules' => 5, 'Perl::Critic::Policy::Subroutines::ProtectPrivateSubs' => 1, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion' => 0, @@ -115,16 +111,14 @@ $VAR1 = [ 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitImplicitNewlines' => 55, 'Perl::Critic::Policy::Modules::RequireBarewordIncludes' => 0, 'Perl::Critic::Policy::InputOutput::ProhibitBarewordFileHandles' => 2, - 'Perl::Critic::Policy::InputOutput::RequireCheckedClose' => 1, + 'Perl::Critic::Policy::InputOutput::RequireCheckedClose' => 0, 'Perl::Critic::Policy::ControlStructures::ProhibitDeepNests' => 0, 'Perl::Critic::Policy::ControlStructures::ProhibitCStyleForLoops' => 2, 'Perl::Critic::Policy::InputOutput::ProhibitReadlineInForLoop' => 0, 'Perl::Critic::Policy::Freenode::WhileDiamondDefaultAssignment' => 0, 'Perl::Critic::Policy::RegularExpressions::ProhibitUnusedCapture' => 0, - 'Perl::Critic::Policy::InputOutput::ProhibitInteractiveTest' => 1, 'Perl::Critic::Policy::Modules::ProhibitAutomaticExportation' => 0, - 'Perl::Critic::Policy::RegularExpressions::RequireDotMatchAnything' => 38, - 'Perl::Critic::Policy::Subroutines::RequireArgUnpacking' => 2, + 'Perl::Critic::Policy::Subroutines::RequireArgUnpacking' => 0, 'Perl::Critic::Policy::RegularExpressions::RequireBracesForMultiline' => 0, 'Perl::Critic::Policy::Subroutines::ProhibitUnusedPrivateSubroutines' => 0, 'Perl::Critic::Policy::Documentation::RequirePodAtEnd' => 4, @@ -142,6 +136,6 @@ $VAR1 = [ 'Perl::Critic::Policy::Subroutines::ProhibitReturnSort' => 0, 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitQuotesAsQuotelikeOperatorDelimiters' => 0, 'Perl::Critic::Policy::Variables::RequireNegativeIndices' => 0, - 'Perl::Critic::Policy::InputOutput::RequireBriefOpen' => 4 + 'Perl::Critic::Policy::InputOutput::RequireBriefOpen' => 3 } ]; diff --git a/template/en/default/admin/params/advanced.html.tmpl b/template/en/default/admin/params/advanced.html.tmpl index a23c602ae..75885b3f4 100644 --- a/template/en/default/admin/params/advanced.html.tmpl +++ b/template/en/default/admin/params/advanced.html.tmpl @@ -19,7 +19,7 @@ # Frédéric Buclin <LpSolit@gmail.com> #%] -[% +[% title = "Advanced" desc = "Settings for advanced configurations." %] @@ -29,7 +29,7 @@ <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">Strict-Transport-Security</a> header along with HTTP responses on SSL connections. This adds greater security to your SSL connections by forcing the browser to always - access your domain over SSL and never accept an invalid certificate. + access your domain over SSL and never accept an invalid certificate. However, it should only be used if you have the <code>ssl_redirect</code> parameter turned on, [% terms.Bugzilla %] is the only thing running on its domain (i.e., your <code>urlbase</code> is something like @@ -54,13 +54,6 @@ [% END %] [% param_descs = { - cookiedomain => - "If your website is at 'www.foo.com', setting this to" - _ " '.foo.com' will also allow 'bar.foo.com' to access" - _ " $terms.Bugzilla cookies. This is useful if you have more than" - _ " one hostname pointing at the same web server, and you" - _ " want them to share the $terms.Bugzilla cookie.", - inbound_proxies => "When inbound traffic to $terms.Bugzilla goes through a proxy," _ " $terms.Bugzilla thinks that the IP address of every single" @@ -71,7 +64,7 @@ _ " If set to a *, $terms.Bugzilla will trust the first value in the " _ " X-Forwarded-For header.", - proxy_url => + proxy_url => "$terms.Bugzilla may have to access the web to get notifications about" _ " new releases (see the <tt>upgrade_notification</tt> parameter)." _ " If your $terms.Bugzilla server is behind a proxy, it may be" diff --git a/template/en/default/admin/params/attachment.html.tmpl b/template/en/default/admin/params/attachment.html.tmpl index bdd20c676..0858a1044 100644 --- a/template/en/default/admin/params/attachment.html.tmpl +++ b/template/en/default/admin/params/attachment.html.tmpl @@ -35,28 +35,6 @@ _ "<p>It is highly recommended that you set the <tt>attachment_base</tt>" _ " parameter if you turn this parameter on.", - attachment_base => - "When the <tt>allow_attachment_display</tt> parameter is on, it is " - _ " possible for a malicious attachment to steal your cookies or" - _ " perform an attack on $terms.Bugzilla using your credentials." - _ "<p>If you would like additional security on attachments to avoid" - _ " this, set this parameter to an alternate URL for your $terms.Bugzilla" - _ " that is not the same as <tt>urlbase</tt> or <tt>sslbase</tt>." - _ " That is, a different domain name that resolves to this exact" - _ " same $terms.Bugzilla installation.</p>" - _ "<p>Note that if you have set the" - _ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><tt>cookiedomain</tt>" - _" parameter</a>, you should set <tt>attachment_base</tt> to use a" - _ " domain that would <em>not</em> be matched by" - _ " <tt>cookiedomain</tt>.</p>" - _ "<p>For added security, you can insert <tt>%bugid%</tt> into the URL," - _ " which will be replaced with the ID of the current $terms.bug that" - _ " the attachment is on, when you access an attachment. This will limit" - _ " attachments to accessing only other attachments on the same" - _ " ${terms.bug}. Remember, though, that all those possible domain names " - _ " (such as <tt>1234.your.domain.com</tt>) must point to this same" - _ " $terms.Bugzilla instance.", - allow_attachment_deletion => "If this option is on, administrators will be able to delete " _ "the content of attachments.", diff --git a/template/en/default/admin/params/core.html.tmpl b/template/en/default/admin/params/core.html.tmpl deleted file mode 100644 index b1578f422..000000000 --- a/template/en/default/admin/params/core.html.tmpl +++ /dev/null @@ -1,48 +0,0 @@ -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Netscape Communications - # Corporation. Portions created by Netscape are - # Copyright (C) 1998 Netscape Communications Corporation. All - # Rights Reserved. - # - # Contributor(s): Dave Miller <justdave@bugzilla.org> - # Frédéric Buclin <LpSolit@gmail.com> - #%] - -[% - title = "Required Settings" - desc = "Settings that are required for proper operation of $terms.Bugzilla" -%] - -[% param_descs = { - urlbase => "The URL that is the common initial leading part of all $terms.Bugzilla " _ - "URLs.", - - sslbase => "The URL that is the common initial leading part of all HTTPS " _ - "(SSL) $terms.Bugzilla URLs.", - - ssl_redirect => - "When this is enabled, $terms.Bugzilla will ensure that every page is" - _ " accessed over SSL, by redirecting any plain HTTP requests to HTTPS" - _ " using the <tt>sslbase</tt> parameter. Also, when this is enabled," - _ " $terms.Bugzilla will send out links using <tt>sslbase</tt> in emails" - _ " instead of <tt>urlbase</tt>.", - - cookiepath => "Path, relative to your web document root, to which to restrict " _ - "$terms.Bugzilla cookies. Normally this is the URI portion of your URL " _ - "base. Begin with a / (single slash mark). For instance, if " _ - "$terms.Bugzilla serves from 'http://www.somedomain.com/bugzilla/', set " _ - "this parameter to /bugzilla/. Setting it to / will allow " _ - "all sites served by this web server or virtual host to read " _ - "$terms.Bugzilla cookies.", -} %] diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl index a7aed895e..9baecbb53 100644 --- a/template/en/default/global/header.html.tmpl +++ b/template/en/default/global/header.html.tmpl @@ -96,7 +96,6 @@ <head> [%- js_BUGZILLA = { param => { - cookiepath => Param('cookiepath'), maxusermatches => Param('maxusermatches'), }, constant => { diff --git a/template/en/default/robots.txt.tmpl b/template/en/default/robots.txt.tmpl index c4948efe5..7ef83c0f1 100644 --- a/template/en/default/robots.txt.tmpl +++ b/template/en/default/robots.txt.tmpl @@ -2,7 +2,7 @@ User-agent: * Disallow: / Crawl-delay: 30 -[% IF NOT urlbase.matches("bugzilla-dev") %] +[% IF NOT Bugzilla.localconfig.urlbase.matches("bugzilla-dev") %] Allow: /$ Allow: /index.cgi diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl index 9a8e3b9d1..35a771ff3 100644 --- a/template/en/default/setup/strings.txt.pl +++ b/template/en/default/setup/strings.txt.pl @@ -106,6 +106,24 @@ END The following variables are no longer used in ##localconfig##, and have been moved to ##old_file##: ##vars## END + localconfig_attachment_base => <<'END', +When the runtime allow_attachment_display parameter is on, it is +possible for a malicious attachment to steal your cookies or +perform an attack using your credentials. + +If you would like additional security on attachments to avoid +this, set this parameter to an alternate URL for your $terms.Bugzilla +that is not the same as urlbase. +That is, a different domain name that resolves to this exact +same installation. + +For added security, you can insert %bugid% into the URL, +which will be replaced with the ID of the current bug that +the attachment is on, when you access an attachment. This will limit +attachments to accessing only other attachments on the same +bug. Remember, though, that all those possible domain names + must point to this same instance. +END localconfig_create_htaccess => <<'END', If you are using Apache as your web server, Bugzilla can create .htaccess files for you, which will keep this file (localconfig) and other @@ -180,7 +198,7 @@ here. END localconfig_memcached_servers => <<'END', If this option is set, Bugzilla will integrate with Memcached. -Specify one or more servers, separated by spaces, using hostname:port +Specify one or more servers, separated by spaces, using hostname:port notation (for example: 127.0.0.1:11211). END localconfig_memcached_namespace => <<'END', @@ -198,6 +216,9 @@ This hash is used by BMO to override select data/params values on a per-webhead basis. Keys set to undef will default to the value in data/params. Only the keys listed below can be overridden. END + localconfig_urlbase => <<'END', +The URL that is the common initial leading part of all URLs. +END localconfig_use_suexec => <<'END', Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment. diff --git a/template/en/default/welcome-admin.html.tmpl b/template/en/default/welcome-admin.html.tmpl index e37008fc7..11d70a6ea 100644 --- a/template/en/default/welcome-admin.html.tmpl +++ b/template/en/default/welcome-admin.html.tmpl @@ -40,14 +40,6 @@ parameters for this installation; among others:</p> <ul> - <li><a href="editparams.cgi?section=core#urlbase_desc">urlbase</a>, which is the URL - pointing to this installation and which will be used in emails (which is also the - reason you see this page: as long as this parameter is not set, you will see this - page again and again).</li> - - <li><a href="editparams.cgi?section=core#cookiepath_desc">cookiepath</a> is important - for your browser to manage your cookies correctly.</li> - <li><a href="editparams.cgi?section=general#maintainer_desc">maintainer</a>, the person responsible for this installation if something is running wrongly.</li> diff --git a/userprefs.cgi b/userprefs.cgi index 00771ceac..e70b9780a 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -208,7 +208,7 @@ sub DisableAccount { $user->update(); Bugzilla->logout(); - print Bugzilla->cgi->redirect(correct_urlbase()); + print Bugzilla->cgi->redirect(Bugzilla->localconfig->{urlbase}); exit; } |