diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-29 22:38:42 +0100 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-29 22:38:42 +0100 |
| commit | 07fbbbb38bdb82896d39d32d6d5fdecbec53cbb6 (patch) | |
| tree | b3b59e68e5fe63e5c58aa5dd8a3558893d19fb4d /Bugzilla/WebService | |
| parent | bd9b4e99a6f4640c155468aea101db32ba9559b8 (diff) | |
| parent | bda60403ea62b195b678dff88387d9b392c7f4be (diff) | |
| download | bugzilla-07fbbbb38bdb82896d39d32d6d5fdecbec53cbb6.tar.gz bugzilla-07fbbbb38bdb82896d39d32d6d5fdecbec53cbb6.tar.xz | |
merged with bugzilla/4.2
Diffstat (limited to 'Bugzilla/WebService')
| -rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 822709d85..025fb8f19 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -93,7 +93,10 @@ sub deserialize { my $self = shift; # Only allow certain content types to protect against CSRF attacks - if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) { + my $content_type = lc($ENV{'CONTENT_TYPE'}); + # Remove charset, etc, if provided + $content_type =~ s/^([^;]+);.*/$1/; + if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) { ThrowUserError('xmlrpc_illegal_content_type', { content_type => $ENV{'CONTENT_TYPE'} }); } |