summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2017-07-03 20:09:11 +0200
committerDylan William Hardison <dylan@hardison.net>2017-07-07 00:19:20 +0200
commit5eab2f4864c28ab945f92800c3294e968dd01428 (patch)
treecdad53f653f0a362b2c370c16b489c0f49213501 /Bugzilla
parentc05a32842ee123801b628f5fe0472cb6abbbafdb (diff)
downloadbugzilla-5eab2f4864c28ab945f92800c3294e968dd01428.tar.gz
bugzilla-5eab2f4864c28ab945f92800c3294e968dd01428.tar.xz
Bug 1373295 - Encoded slashes in url allow misleading text on unstyled 404 pages due to AllowEncodedSlashes
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/ModPerl.pm8
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/ModPerl.pm b/Bugzilla/ModPerl.pm
index 42048a5c5..7c367ed2e 100644
--- a/Bugzilla/ModPerl.pm
+++ b/Bugzilla/ModPerl.pm
@@ -73,6 +73,14 @@ __DATA__
# so we need to srand() both of them.)
PerlChildInitHandler "sub { Bugzilla::RNG::srand(); srand(); }"
+# It is important to specify ErrorDocuments outside of all directories.
+# These used to be in .htaccess, but then things like "AllowEncodedSlashes no"
+# mean that urls containing %2f are unstyled.
+ErrorDocument 401 /errors/401.html
+ErrorDocument 403 /errors/403.html
+ErrorDocument 404 /errors/404.html
+ErrorDocument 500 /errors/500.html
+
<Directory "[% cgi_path %]">
AddHandler perl-script .cgi
# No need to PerlModule these because they're already defined in mod_perl.pl