diff options
author | lpsolit%gmail.com <> | 2009-02-02 19:21:33 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 19:21:33 +0100 |
commit | 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (patch) | |
tree | cc80d283ac39c08f00620b66a6fc991c5c3ad857 /Bugzilla/Util.pm | |
parent | b23648ca247167be26f1b51bd592b29309ebbc63 (diff) | |
download | bugzilla-8d70890dc0b7c24b25a344808ac4e63e6a5dd74e.tar.gz bugzilla-8d70890dc0b7c24b25a344808ac4e63e6a5dd74e.tar.xz |
Bug 38862: [SECURITY] attachments should be at a different hostname - Patch by Byron Jones <bugzilla@glob.com.au> and Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla/Util.pm')
-rw-r--r-- | Bugzilla/Util.pm | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 01f824c5b..951c4df3c 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -36,7 +36,7 @@ use base qw(Exporter); html_quote url_quote xml_quote css_class_quote html_light_quote url_decode i_am_cgi get_netaddr correct_urlbase - lsearch ssl_require_redirect + lsearch ssl_require_redirect use_attachbase diff_arrays diff_strings trim wrap_hard wrap_comment find_wrap_point format_time format_time_decimal validate_date @@ -294,6 +294,13 @@ sub correct_urlbase { return Bugzilla->params->{'urlbase'}; } +sub use_attachbase { + my $attachbase = Bugzilla->params->{'attachment_base'}; + return ($attachbase ne '' + && $attachbase ne Bugzilla->params->{'urlbase'} + && $attachbase ne Bugzilla->params->{'sslbase'}) ? 1 : 0; +} + sub lsearch { my ($list,$item) = (@_); my $count = 0; @@ -803,6 +810,11 @@ cookies) to only some addresses. Returns either the C<sslbase> or C<urlbase> parameter, depending on the current setting for the C<ssl> parameter. +=item C<use_attachbase()> + +Returns true if an alternate host is used to display attachments; false +otherwise. + =back =head2 Searching |