diff options
author | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
commit | 534fc2123e40b7517aeaffd709faf72af97ac3b8 (patch) | |
tree | 18ad69c8fb22e213ee3256c0768e35dd964d2156 /extensions/GitHubAuth/lib/Util.pm | |
parent | 67d9618771441215d8c431b81bf66acd4faa2aa1 (diff) | |
download | bugzilla-534fc2123e40b7517aeaffd709faf72af97ac3b8.tar.gz bugzilla-534fc2123e40b7517aeaffd709faf72af97ac3b8.tar.xz |
Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code
Diffstat (limited to 'extensions/GitHubAuth/lib/Util.pm')
-rw-r--r-- | extensions/GitHubAuth/lib/Util.pm | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/extensions/GitHubAuth/lib/Util.pm b/extensions/GitHubAuth/lib/Util.pm deleted file mode 100644 index bda76a420..000000000 --- a/extensions/GitHubAuth/lib/Util.pm +++ /dev/null @@ -1,35 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Extension::GitHubAuth::Util; - -use strict; -use warnings; - -use Bugzilla::Util qw(correct_urlbase); -use URI; - -use base qw(Exporter); -our @EXPORT = qw( target_uri ); - - -# this is like correct_urlbase() except it returns the *requested* uri, before http url rewrites have been applied. -# needed to generate github's redirect_uri. -sub target_uri { - my $cgi = Bugzilla->cgi; - my $base = URI->new(correct_urlbase()); - if (my $request_uri = $cgi->request_uri) { - $base->path(''); - $request_uri =~ s!^/+!!; - return URI->new($base . "/" . $request_uri); - } - else { - return URI->new(correct_urlbase() . $cgi->url(-relative => 1, query => )); - } -} - -1; |