authorByron Jones <glob@mozilla.com>2015-08-19 06:59:52 +0200
committerByron Jones <glob@mozilla.com>2015-08-19 06:59:52 +0200
commit4d855c238fe9d98cde01aab62ecf17253ed20e4e (patch)
treed13196e809195b1d52c659f2ca5c0c0cfac6ed98 /attachment.cgi
parenteb35e8e7d642dc16e89d373f37142225327965b8 (diff)
Bug 1195544 - Information Disclosure Vulnerability Permits Attacker To Obtain The GitHub OAUTH Return Code
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi2
1 files changed, 2 insertions, 0 deletions
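--- a/attachment.cgi
+++ b/attachment.cgi
@@ -315,6 +315,8 @@ sub get_attachment {
 # Replace %bugid% by the ID of the bug the attachment
 # belongs to, if present.
 $attachbase =~ s/\%bugid\%/$bug_id/;
+ # To avoid leaking information we redirect using the attachment ID only
+ $path = 'attachment.cgi?' . join('&', map { 'id=' . $attachments{$_}->id } keys %attachments);
 if (all_attachments_are_public(\%attachments)) {
 # No need for a token; redirect to attachment base.
 print $cgi->redirect(-location => $attachbase . $path);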
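Review bot: The rebuilt `$path` on the second added line discards every parameter of the original request, so if `$path` was previously derived from the incoming query string, any benign parameters the attachment host used to honour are dropped together with the sensitive one; worth confirming that no caller depends on them. The comment above it should say what is deliberately kept out rather than just "information", e.g. `# Rebuild the redirect path from attachment IDs only, so nothing else from the original request (e.g. an OAuth return code) is forwarded to the attachment host`. `keys %attachments` returns an unordered list, so the generated Location header varies between runs; `sort keys %attachments` would make it deterministic and easier to assert on in a test. The declaration of `$path` and the non-public (token) branch of get_attachment lie outside the hunk.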