authorMax Kanat-Alexander <mkanat@bugzilla.org>2010-09-19 01:47:01 +0200
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-09-19 01:47:01 +0200
commitb7777aee805f87b50d37977d2ce497d32cf32864 (patch)
tree08905dc465207c0868707a3d917e7d747218cd0b /Bugzilla/Bug.pm
parentf5474782d742803f09b06fed275774d96cb629e7 (diff)
Bug 593170: Disallow urls like "show_bug.cgi?id=2323" (with no domain) in
the See Also field. r=timello, a=mkanat
Diffstat (limited to 'Bugzilla/Bug.pm')
-rw-r--r--Bugzilla/Bug.pm9
1 files changed, 9 insertions, 0 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index db9f2438d..a8f6651e0 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -2815,6 +2815,15 @@ sub add_see_also {
ThrowUserError('bug_url_invalid', { url => $input, reason => 'http' });
}
+ # This stops the following edge cases from being accepted:
+ # * show_bug.cgi?id=1
+ # * /show_bug.cgi?id=1
+ # * http:///show_bug.cgi?id=1
+ if (!$uri->authority or $uri->path !~ m{/}) {
+ ThrowUserError('bug_url_invalid',
+ { url => $input, reason => 'path_only' });
+ }
+
my $result;
# Launchpad URLs
if ($uri->authority =~ /launchpad.net$/) {
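Review bot: The added guard `if (!$uri->authority or ...)` only tests that the authority string is truthy, so it does not constrain which host the URL names, and `authority` also carries any userinfo and port. The context line that follows still matches `/launchpad.net$/` against that same string with an unescaped dot and no left boundary, so a host that merely ends in those characters would be classified as Launchpad. Matching on the host instead, e.g. `if ($uri->host =~ /(?:^|\.)launchpad\.net\z/i) {`, would tighten that. A short comment above the new check noting that `path_only` is also raised when the path contains no slash (for example a bare `http://host`) would help whoever maintains the error template. add_see_also starts and continues outside this hunk.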