summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService/Server
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-02-22 16:38:20 +0100
committerDave Lawrence <dlawrence@mozilla.com>2012-02-22 16:38:20 +0100
commit69ad536a55aaa58bfd4cb68578061dd5efe5b84d (patch)
tree5915dfacba496980a5376cfc5ee6b2937734f3df /Bugzilla/WebService/Server
parente00513c9a718d79fcd9b9bfd67a5938380519e10 (diff)
downloadbugzilla-69ad536a55aaa58bfd4cb68578061dd5efe5b84d.tar.gz
bugzilla-69ad536a55aaa58bfd4cb68578061dd5efe5b84d.tar.xz
Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API when using mod_perl
r/a=LpSolit
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm8
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 5c3677993..822709d85 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -86,10 +86,18 @@ use XMLRPC::Lite;
our @ISA = qw(XMLRPC::Deserializer);
use Bugzilla::Error;
+use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
use Scalar::Util qw(tainted);
sub deserialize {
my $self = shift;
+
+ # Only allow certain content types to protect against CSRF attacks
+ if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) {
+ ThrowUserError('xmlrpc_illegal_content_type',
+ { content_type => $ENV{'CONTENT_TYPE'} });
+ }
+
my ($xml) = @_;
my $som = $self->SUPER::deserialize(@_);
if (tainted($xml)) {