authormkanat%bugzilla.org <>2009-10-24 07:22:45 +0200
committermkanat%bugzilla.org <>2009-10-24 07:22:45 +0200
commitf9cd15c79202a50d7c0a3f9aa8de45c2c23cdb49 (patch)
tree8a45972d5cc074cd689c1a6215ebc5cbfa72ed2c /Bugzilla
parenta2dd3b00284fd4724d3408274cb1156c7a77d187 (diff)
Bug 523495: Re-work attachment.cgi and the general attachment_base-checking code to prevent an infinite redirect loop when ssl_redirect is on and Bugzilla has an attachment_base set.
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/CGI.pm36
1 files changed, 27 insertions, 9 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index c30e13618..8c68f996c 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -28,6 +28,8 @@ use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Util;
+use File::Basename;
+
BEGIN {
if (ON_WINDOWS) {
# Help CGI find the correct temp directory as the default list
@@ -71,15 +73,9 @@ sub new {
$self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : '');
# Redirect to urlbase/sslbase if we are not viewing an attachment.
- if (use_attachbase() && i_am_cgi()) {
- my $cgi_file = $self->url('-path_info' => 0, '-query' => 0, '-relative' => 1);
- $cgi_file =~ s/\?$//;
- my $urlbase = Bugzilla->params->{'urlbase'};
- my $sslbase = Bugzilla->params->{'sslbase'};
- my $path_regexp = $sslbase ? qr/^(\Q$urlbase\E|\Q$sslbase\E)/ : qr/^\Q$urlbase\E/;
- if ($cgi_file ne 'attachment.cgi' && $self->self_url !~ /$path_regexp/) {
- $self->redirect_to_urlbase;
- }
+ my $script = basename($0);
+ if ($self->url_is_attachment_base and $script ne 'attachment.cgi') {
+ $self->redirect_to_urlbase();
}
# Check for errors
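Review bot: The comment kept above the new condition, `# Redirect to urlbase/sslbase if we are not viewing an attachment.`, no longer describes the test: the redirect now fires only when the request URL matches the attachment_base pattern and the script is not attachment.cgi. A request that reaches a non-attachment script through a host matching neither urlbase/sslbase nor attachment_base was redirected by the removed lines and appears not to be redirected now, which is worth confirming as intended. Suggested comment: `# Only attachment.cgi may be served from an attachment_base URL; send everything else to urlbase/sslbase.` The body of `new` starts and ends outside this hunk.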
@@ -398,6 +394,28 @@ sub redirect_to_urlbase {
exit;
}
+sub url_is_attachment_base {
+ my ($self, $id) = @_;
+ return 0 if !use_attachbase() or !i_am_cgi();
+ my $attach_base = Bugzilla->params->{'attachment_base'};
+ # If we're passed an id, we only want one specific attachment base
+ # for a particular bug. If we're not passed an ID, we just want to
+ # know if our current URL matches the attachment_base *pattern*.
+ my $regex;
+ if ($id) {
+ $attach_base =~ s/\%bugid\%/$id/;
+ $regex = quotemeta($attach_base);
+ }
+ else {
+ # In this circumstance we run quotemeta first because we need to
+ # insert an active regex meta-character afterward.
+ $regex = quotemeta($attach_base);
+ $regex =~ s/\\\%bugid\\\%/\\d+/;
+ }
+ $regex = "^$regex";
+ return ($self->self_url =~ $regex) ? 1 : 0;
+}
+
1;
__END__
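Review bot: The match at the end of `url_is_attachment_base` is anchored only at the start (`$regex = "^$regex";`), so it is a prefix test whose strictness depends on how the `attachment_base` parameter is written. If the configured value does not end in a delimiter such as `/`, a `self_url` that merely begins with the expected text would also return 1, which loosens the per-bug check the `$id` branch is meant to provide; callers that pass `$id` are not visible in this diff. Consider normalising and closing the pattern, e.g. `$attach_base =~ s{/+\z}{};` before quoting and `$regex = "^$regex(?:/|\\z)";` at the end, or document that `attachment_base` must end in `/`. The sub also has no POD, and `s/\%bugid\%/$id/` replaces only the first `%bugid%`.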