diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-22 16:38:20 +0100 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-22 16:38:20 +0100 |
| commit | 69ad536a55aaa58bfd4cb68578061dd5efe5b84d (patch) | |
| tree | 5915dfacba496980a5376cfc5ee6b2937734f3df /Bugzilla/WebService/Server/XMLRPC.pm | |
| parent | e00513c9a718d79fcd9b9bfd67a5938380519e10 (diff) | |
| download | bugzilla-69ad536a55aaa58bfd4cb68578061dd5efe5b84d.tar.gz bugzilla-69ad536a55aaa58bfd4cb68578061dd5efe5b84d.tar.xz | |
Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API when using mod_perl
r/a=LpSolit
Diffstat (limited to 'Bugzilla/WebService/Server/XMLRPC.pm')
| -rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 5c3677993..822709d85 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -86,10 +86,18 @@ use XMLRPC::Lite; our @ISA = qw(XMLRPC::Deserializer); use Bugzilla::Error; +use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST); use Scalar::Util qw(tainted); sub deserialize { my $self = shift; + + # Only allow certain content types to protect against CSRF attacks + if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) { + ThrowUserError('xmlrpc_illegal_content_type', + { content_type => $ENV{'CONTENT_TYPE'} }); + } + my ($xml) = @_; my $som = $self->SUPER::deserialize(@_); if (tainted($xml)) { |