authorMax Kanat-Alexander <mkanat@bugzilla.org>2010-09-19 01:47:01 +0200
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-09-19 01:47:01 +0200
commitb7777aee805f87b50d37977d2ce497d32cf32864 (patch)
tree08905dc465207c0868707a3d917e7d747218cd0b
parentf5474782d742803f09b06fed275774d96cb629e7 (diff)
downloadbugzilla-b7777aee805f87b50d37977d2ce497d32cf32864.tar.gz
bugzilla-b7777aee805f87b50d37977d2ce497d32cf32864.tar.xz
Bug 593170: Disallow urls like "show_bug.cgi?id=2323" (with no domain) in
the See Also field. r=timello, a=mkanat
-rw-r--r--Bugzilla/Bug.pm9
-rw-r--r--template/en/default/global/user-error.html.tmpl2
2 files changed, 11 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index db9f2438d..a8f6651e0 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2815,6 +2815,15 @@ sub add_see_also {
ThrowUserError('bug_url_invalid', { url => $input, reason => 'http' });
}
+ # This stops the following edge cases from being accepted:
+ # * show_bug.cgi?id=1
+ # * /show_bug.cgi?id=1
+ # * http:///show_bug.cgi?id=1
+ if (!$uri->authority or $uri->path !~ m{/}) {
+ ThrowUserError('bug_url_invalid',
+ { url => $input, reason => 'path_only' });
+ }
+
my $result;
# Launchpad URLs
if ($uri->authority =~ /launchpad.net$/) {
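Review bot: The new guard tests `$uri->authority`, which (assuming `$uri` is a URI.pm object, as the method calls suggest) also carries any userinfo and port, so an input such as `http://user@/show_bug.cgi?id=1` has a true authority while naming no host and is not rejected as `path_only`. Testing the host instead closes that gap: `if (!$uri->host or $uri->path !~ m{/}) {`, and the comment above it should list that fourth case so the intent stays documented. Separately, the context line after the added block matches `/launchpad.net$/` with an unescaped dot and no label boundary, so it accepts any authority that merely ends in those characters; that predates this commit but is the same kind of loose URL validation and could become `/(?:^|\.)launchpad\.net$/` applied to the host. The body of add_see_also starts and ends outside this hunk, so later checks may narrow this further.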
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index a885f4b34..5d690db17 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -245,6 +245,8 @@
<code>[% url FILTER html %]</code> is not a valid URL to [% terms.abug %].
[% IF reason == 'http' %]
URLs must start with "http" or "https".
+ [% ELSIF reason == 'path_only' %]
+ You must specify a full URL.
[% ELSIF reason == 'show_bug' %]
[%+ field_descs.see_also %] URLs should point to one of:
<ul>