Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave

author: lpsolit%gmail.com <> 2006-10-15 05:26:50 +0200
committer: lpsolit%gmail.com <> 2006-10-15 05:26:50 +0200
commit: b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch)
tree: 0db4955b3303c2e5565d6e97e8fac62c63147117 /Bugzilla/Constants.pm
parent: 40aae68e1263b9677285473a9205cef378b451c0 (diff)
download: bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz
bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 4ce2cbc09..337405a61 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -123,6 +123,8 @@ use File::Basename;
     ON_WINDOWS
 
     MAX_TOKEN_AGE
+
+    SAFE_PROTOCOLS
 );
 
 @Bugzilla::Constants::EXPORT_OK = qw(contenttypes);
@@ -302,6 +304,11 @@ use constant FIELD_TYPE_SINGLE_SELECT => 2;
 # The maximum number of days a token will remain valid.
 use constant MAX_TOKEN_AGE => 3;
 
+# Protocols which are considered as safe.
+use constant SAFE_PROTOCOLS => ('afs', 'cid', 'ftp', 'gopher', 'http', 'https',
+                                'irc', 'mid', 'news', 'nntp', 'prospero', 'telnet',
+                                'view-source', 'wais');
+
 # States that are considered to be "open" for bugs.
 use constant BUG_STATE_OPEN => ('NEW', 'REOPENED', 'ASSIGNED', 
                                 'UNCONFIRMED');
author	lpsolit%gmail.com <>	2006-10-15 05:26:50 +0200
committer	lpsolit%gmail.com <>	2006-10-15 05:26:50 +0200
commit	b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch)
tree	0db4955b3303c2e5565d6e97e8fac62c63147117 /Bugzilla/Constants.pm
parent	40aae68e1263b9677285473a9205cef378b451c0 (diff)
download	bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz