diff options
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Install/DB.pm | 2 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm index 7dc203933..14425ab40 100644 --- a/Bugzilla/Install/DB.pm +++ b/Bugzilla/Install/DB.pm @@ -3605,7 +3605,7 @@ sub _populate_bug_see_also_class { if ($dbh->bz_column_info('bug_see_also', 'class')) { # The length was incorrectly set to 64 instead of 255. $dbh->bz_alter_column('bug_see_also', 'class', - {TYPE => 'varchar(255)', NOTNULL => 1}); + {TYPE => 'varchar(255)', NOTNULL => 1, DEFAULT => "''"}); return; } diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 822709d85..025fb8f19 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -93,7 +93,10 @@ sub deserialize { my $self = shift; # Only allow certain content types to protect against CSRF attacks - if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) { + my $content_type = lc($ENV{'CONTENT_TYPE'}); + # Remove charset, etc, if provided + $content_type =~ s/^([^;]+);.*/$1/; + if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) { ThrowUserError('xmlrpc_illegal_content_type', { content_type => $ENV{'CONTENT_TYPE'} }); } |