authorDylan William Hardison <dylan@hardison.net>2016-10-18 18:53:01 +0200
committerDylan William Hardison <dylan@hardison.net>2016-10-18 18:53:01 +0200
commit3e6736478603d9e881c12005e06845a25540fa4e (patch)
treef01806cbd036ee9b11bd5db03a99b6d720bf01a6
parent2f310fba9800f9d106ad8090cbbfb628c53599a1 (diff)
Bug 1310747 - SSRF
-rwxr-xr-xauth.cgi4
1 files changed, 2 insertions, 2 deletions
diff --git a/auth.cgi b/auth.cgi
index 86c1f656a..00e6b94d6 100755
--- a/auth.cgi
+++ b/auth.cgi
@@ -43,8 +43,8 @@ ThrowUserError("auth_delegation_invalid_description")
unless $description =~ /^[\w\s]{3,255}$/;
my $callback_uri = URI->new($callback);
-$callback_uri->scheme =~ /^https?$/
- or ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme });
+ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme })
+ unless $callback_uri->scheme eq 'https';
my $callback_base = $callback_uri->clone;
$callback_base->query(undef);
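Review bot: The new `unless $callback_uri->scheme eq 'https'` guard constrains only the scheme, so an https callback whose host is loopback, link-local or otherwise internal still passes it. If the server later sends a request to the callback (that code is not in this hunk), the host should be validated too, for example against a configured allowlist or by rejecting private addresses after resolution, and redirects should not be followed. Separately, `scheme` returns undef for a callback with no scheme, so `eq` emits an uninitialized-value warning and the error receives `protocol => undef`; `my $scheme = $callback_uri->scheme // '';` followed by `unless $scheme eq 'https'` avoids both. The script continues past the end of the hunk, so any later host checks are not visible here.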