authorByron Jones <glob@mozilla.com>2014-05-27 05:48:47 +0200
committerByron Jones <glob@mozilla.com>2014-05-27 05:48:47 +0200
commit612ab3f079cb9f716581c37d52804d2da0422929 (patch)
treeff754b461b37989bc61d30c057f959b839e10f65
parent398daeeabbb1bf87a677d735ee74edfe9bcc9348 (diff)
Bug 1013788: it's possible to get bugzilla to redirect to any url by setting the content-type of an attachment after uploading it
-rw-r--r--extensions/BMO/Extension.pm25
1 files changed, 18 insertions, 7 deletions
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index f811c7a3b..b651caf6b 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -624,23 +624,31 @@ sub attachment_process_data {
seek($data, 0, 0);
} else {
# string
- return if length($data) > 256;
$url = $data;
}
+ if (my $content_type = _get_review_content_type($url)) {
+ $attributes->{mimetype} = $content_type;
+ $attributes->{ispatch} = 0;
+ }
+}
+
+sub _get_review_content_type {
+ my ($url) = @_;
+
# trim and check for the pull request url
return unless defined $url;
+ return if length($url) > 256;
$url = trim($url);
return if $url =~ /\s/;
if ($url =~ m#^https://github\.com/[^/]+/[^/]+/pull/\d+/?$#i) {
- $attributes->{mimetype} = GITHUB_PR_CONTENT_TYPE;
- $attributes->{ispatch} = 0;
+ return GITHUB_PR_CONTENT_TYPE;
}
- elsif ($url =~ m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i) {
- $attributes->{mimetype} = RB_REQUEST_CONTENT_TYPE;
- $attributes->{ispatch} = 0;
+ if ($url =~ m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i) {
+ return RB_REQUEST_CONTENT_TYPE;
}
+ return;
}
# redirect automatically to github urls
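Review bot: The Review Board pattern in `_get_review_content_type` has no end anchor, unlike the GitHub one, so any non-whitespace suffix after `/r/<id>` is accepted, and this helper now also decides whether `attachment_view` redirects. The host is anchored, so the target stays on the listed reviewboard hosts, but the rest of the path, the query and the fragment are unconstrained, and `https?` also admits plain http. If only the review-request page is meant, close the pattern as `m#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?\z#i`; if sub-pages are intended, allow them with an explicit character class, not an open tail. A one-line comment above the sub, such as `# Returns the review content-type for a recognised URL; also used to validate redirect targets`, would record that dependency. `attachment_process_data` starts outside this hunk.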
@@ -652,11 +660,14 @@ sub attachment_view {
# don't redirect if the content-type is specified explicitly
return if defined $cgi->param('content_type');
- # must be our github content-type
+ # must be our github/reviewboard content-type
return unless
$attachment->contenttype eq GITHUB_PR_CONTENT_TYPE
or $attachment->contenttype eq RB_REQUEST_CONTENT_TYPE;
+ # must still be a valid url
+ return unless _get_review_content_type($attachment->data);
+
# redirect
print $cgi->redirect(trim($attachment->data));
exit;
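Review bot: The added guard checks only that `$attachment->data` matches one of the two URL patterns, not that the type it maps to equals the attachment's stored content type, so a GitHub-typed attachment holding a Review Board URL (or the reverse) still redirects. Comparing the two ties the redirect to the data and subsumes the `eq` test above it: `my $type = _get_review_content_type($attachment->data);` followed by `return unless defined $type && $type eq $attachment->contenttype;`. Per the commit title the content type can be changed after upload, so deriving the decision from the data at view time is the stronger invariant. `attachment_view` begins and ends outside this hunk.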