diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:37:14 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:37:14 +0200 |
| commit | 10b07dbd8e3e96c53bb6f46874ecab1108146494 (patch) | |
| tree | 1109a194ae57842acbb358a830327863754a0fd6 /Bugzilla/Attachment.pm | |
| parent | 81c0c249e1dab7e8bef7c4923a7a805220d9daf1 (diff) | |
| download | bugzilla-10b07dbd8e3e96c53bb6f46874ecab1108146494.tar.gz bugzilla-10b07dbd8e3e96c53bb6f46874ecab1108146494.tar.xz | |
Bug 677187: If the attachment filename contains a newline, an error is thrown when trying to download the attachment
r/a=mkanat
Diffstat (limited to 'Bugzilla/Attachment.pm')
| -rw-r--r-- | Bugzilla/Attachment.pm | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 7cd350dde..a39dc3af4 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -518,9 +518,13 @@ sub _check_content_type { my $is_patch = ref($invocant) ? $invocant->ispatch : $params->{ispatch}; $content_type = 'text/plain' if $is_patch; - $content_type = trim($content_type); + $content_type = clean_text($content_type); + # The subsets below cover all existing MIME types and charsets registered by IANA. + # (MIME type: RFC 2045 section 5.1; charset: RFC 2278 section 3.3) my $legal_types = join('|', LEGAL_CONTENT_TYPES); - if (!$content_type or $content_type !~ /^($legal_types)\/.+$/) { + if (!$content_type + || $content_type !~ /^($legal_types)\/[a-z0-9_\-\+\.]+(;\s*charset=[a-z0-9_\-\+]+)?$/i) + { ThrowUserError("invalid_content_type", { contenttype => $content_type }); } trick_taint($content_type); @@ -560,7 +564,7 @@ sub _check_description { sub _check_filename { my ($invocant, $filename) = @_; - $filename = trim($filename); + $filename = clean_text($filename); $filename || ThrowUserError('file_not_specified'); # Remove path info (if any) from the file name. The browser should do this |