diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:46:03 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-10 01:46:03 +0200 |
commit | 36e4d1fddb336e0ebfb61e0b7870e2b60c666ef5 (patch) | |
tree | 0cdfbda05f2324575d3da845be7d1d1c10d0bc4d /Bugzilla | |
parent | e002b3fdae068007cfe20c0ae6f598489161ea48 (diff) | |
download | bugzilla-36e4d1fddb336e0ebfb61e0b7870e2b60c666ef5.tar.gz bugzilla-36e4d1fddb336e0ebfb61e0b7870e2b60c666ef5.tar.xz |
Bug 677187: If the attachment filename contains a newline, an error is thrown when trying to download the attachment
r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Attachment.pm | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index 7cd350dde..a39dc3af4 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -518,9 +518,13 @@ sub _check_content_type { my $is_patch = ref($invocant) ? $invocant->ispatch : $params->{ispatch}; $content_type = 'text/plain' if $is_patch; - $content_type = trim($content_type); + $content_type = clean_text($content_type); + # The subsets below cover all existing MIME types and charsets registered by IANA. + # (MIME type: RFC 2045 section 5.1; charset: RFC 2278 section 3.3) my $legal_types = join('|', LEGAL_CONTENT_TYPES); - if (!$content_type or $content_type !~ /^($legal_types)\/.+$/) { + if (!$content_type + || $content_type !~ /^($legal_types)\/[a-z0-9_\-\+\.]+(;\s*charset=[a-z0-9_\-\+]+)?$/i) + { ThrowUserError("invalid_content_type", { contenttype => $content_type }); } trick_taint($content_type); @@ -560,7 +564,7 @@ sub _check_description { sub _check_filename { my ($invocant, $filename) = @_; - $filename = trim($filename); + $filename = clean_text($filename); $filename || ThrowUserError('file_not_specified'); # Remove path info (if any) from the file name. The browser should do this |