summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones ‹:glob› <glob@mozilla.com>2015-11-25 15:22:06 +0100
committerDylan Hardison <dylan@mozilla.com>2015-11-25 15:22:06 +0100
commit7880de802f69a58f2a7d7090944db394469bcda7 (patch)
tree41eb59885f95a04c402e28294b1d8c83618925c1
parentfe886c6a2ab07d5db20fad555263acd69302f1b0 (diff)
downloadbugzilla-7880de802f69a58f2a7d7090944db394469bcda7.tar.gz
bugzilla-7880de802f69a58f2a7d7090944db394469bcda7.tar.xz
Bug 1227866 - infinite loop consuming resources when PATH_INFO set
-rw-r--r--Bugzilla/CGI.pm10
1 files changed, 9 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 4deb5aa52..d24722fcc 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -375,7 +375,7 @@ sub header {
# To initiate github login, a form POSTs to github.cgi with the
# github_secret as a parameter. It must match the github_secret cookie.
# this prevents some types of redirection attacks.
- unless ($user->id) {
+ unless ($user->id || $self->{bz_redirecting}) {
$self->send_cookie(-name => 'github_secret',
-value => Bugzilla->github_secret,
-httponly => 1);
@@ -524,6 +524,14 @@ sub remove_cookie {
'-value' => 'X');
}
+# To avoid infinite redirection recursion, track when we're within a redirect
+# request.
+sub redirect {
+ my $self = shift;
+ $self->{bz_redirecting} = 1;
+ return $self->SUPER::redirect(@_);
+}
+
# This helps implement Bugzilla::Search::Recent, and also shortens search
# URLs that get POSTed to buglist.cgi.
sub redirect_search_url {