Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Auth/Login/CGI.pm | 2 | ||||
-rw-r--r-- | Bugzilla/BugUrl/Bugzilla/Local.pm | 2 | ||||
-rw-r--r-- | Bugzilla/CGI.pm | 31 | ||||
-rw-r--r-- | Bugzilla/Config/Advanced.pm | 6 | ||||
-rw-r--r-- | Bugzilla/Config/Attachment.pm | 8 | ||||
-rw-r--r-- | Bugzilla/Config/Common.pm | 28 | ||||
-rw-r--r-- | Bugzilla/Config/Core.pm | 46 | ||||
-rw-r--r-- | Bugzilla/Install/Filesystem.pm | 12 | ||||
-rw-r--r-- | Bugzilla/Install/Localconfig.pm | 19 | ||||
-rw-r--r-- | Bugzilla/Mailer.pm | 9 | ||||
-rw-r--r-- | Bugzilla/Search/Quicksearch.pm | 6 | ||||
-rw-r--r-- | Bugzilla/Template.pm | 6 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 40 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 2 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 4 |
15 files changed, 52 insertions, 169 deletions
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm index 22a765f61..a813529d5 100644 --- a/Bugzilla/Auth/Login/CGI.pm +++ b/Bugzilla/Auth/Login/CGI.pm @@ -49,7 +49,7 @@ sub get_login_info { # Attachments are served from a separate host (ideally), and so # an evil attachment cannot abuse this check with a redirect. elsif (my $referer = $cgi->referer) { - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; $valid = 1 if $referer =~ /^\Q$urlbase\E/; } # If the web browser doesn't accept cookies and the Referer header diff --git a/Bugzilla/BugUrl/Bugzilla/Local.pm b/Bugzilla/BugUrl/Bugzilla/Local.pm index a5cb5d49b..14d03f048 100644 --- a/Bugzilla/BugUrl/Bugzilla/Local.pm +++ b/Bugzilla/BugUrl/Bugzilla/Local.pm @@ -96,7 +96,7 @@ sub _check_value { sub local_uri { my ($self, $bug_id) = @_; $bug_id ||= ''; - return correct_urlbase() . "show_bug.cgi?id=$bug_id"; + return Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$bug_id"; } 1; diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index ea8d96da8..0f9b0cf88 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm 
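Review bot: In `get_login_info`, the Referer check `$referer =~ /^\Q$urlbase\E/` accepts every Referer when `urlbase` is the empty string, and an empty string appears to be what the new localconfig entry falls back to when no param value is migrated. A value without a trailing slash would also prefix-match a longer look-alike host name. The guard could read `$valid = 1 if $urlbase ne '' && $referer =~ /^\Q$urlbase\E/;`, with a comment that `urlbase` is expected to end in `/`. The sub starts and ends outside this hunk.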
@@ -57,12 +57,12 @@ sub DEFAULT_CSP { # Because show_bug code lives in many different .cgi files, # we needed a centralized place to define the policy. # normally the policy would just live in one .cgi file. -# Additionally, correct_urlbase() cannot be called at compile time, so this can't be a constant. +# Additionally, Bugzilla->localconfig->{urlbase} cannot be called at compile time, so this can't be a constant. sub SHOW_BUG_MODAL_CSP { my ($bug_id) = @_; my %policy = ( script_src => ['self', 'nonce', 'unsafe-inline', 'unsafe-eval', 'https://www.google-analytics.com' ], - object_src => [correct_urlbase() . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"], + object_src => [Bugzilla->localconfig->{urlbase} . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"], img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ], connect_src => [ 'self', @@ -76,7 +76,7 @@ sub SHOW_BUG_MODAL_CSP { ], ); if (use_attachbase() && $bug_id) { - my $attach_base = Bugzilla->params->{'attachment_base'}; + my $attach_base = Bugzilla->localconfig->{'attachment_base'}; $attach_base =~ s/\%bugid\%/$bug_id/g; push @{ $policy{img_src} }, $attach_base; } @@ -141,7 +141,7 @@ sub new { # Send appropriate charset $self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : ''); - # Redirect to urlbase/sslbase if we are not viewing an attachment. + # Redirect to urlbase if we are not viewing an attachment. if ($self->url_is_attachment_base and $script ne 'attachment.cgi') { $self->redirect_to_urlbase(); } @@ -177,7 +177,7 @@ sub new { sub target_uri { my ($self) = @_; - my $base = correct_urlbase(); + my $base = Bugzilla->localconfig->{urlbase}; if (my $request_uri = $self->request_uri) { my $base_uri = URI->new($base); $base_uri->path(''); 
@@ -594,11 +594,12 @@ sub send_cookie { } # Add the default path and the domain in. - $paramhash{'-path'} = Bugzilla->params->{'cookiepath'}; - $paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'} - if Bugzilla->params->{'cookiedomain'}; + state $uri = URI->new( Bugzilla->localconfig->{urlbase} ); + $paramhash{'-path'} = $uri->path; + # we don't set the domain. $paramhash{'-secure'} = 1 - if Bugzilla->params->{'ssl_redirect'}; + if lc( $uri->scheme ) eq 'https'; + # Move the param list back into an array for the call to cookie(). foreach (keys(%paramhash)) { @@ -683,14 +684,15 @@ sub redirect_search_url { sub redirect_to_https { my $self = shift; - my $sslbase = Bugzilla->params->{'sslbase'}; + my $urlbase = Bugzilla->localconfig->{'urlbase'}; + # If this is a POST, we don't want ?POSTDATA in the query string. # We expect the client to re-POST, which may be a violation of # the HTTP spec, but the only time we're expecting it often is # in the WebService, and WebService clients usually handle this # correctly. $self->delete('POSTDATA'); - my $url = $sslbase . $self->url('-path_info' => 1, '-query' => 1, + my $url = $urlbase . $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1); # XML-RPC clients (SOAP::Lite at least) require a 301 to redirect properly 
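Review bot: In `send_cookie`, the `-secure` flag now depends on `lc( $uri->scheme )`, and `scheme` is undef when `urlbase` is empty or has no scheme, so the cookie is then issued without Secure (plus an uninitialized-value warning) instead of failing visibly. `$uri->path` is likewise empty for a urlbase with no path component, which leaves `-path` blank where the removed `cookiepath` param defaulted to `/`. Suggested lines: `$paramhash{'-path'} = $uri->path || '/';` and `if lc( $uri->scheme // '' ) eq 'https';`. Because `$uri` is a `state` variable it is parsed once per process, which deserves a short comment for persistent-interpreter deployments. The sub continues outside the hunk.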
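Review bot: `redirect_to_https` now prepends `urlbase` whatever its scheme is, so the name promises more than the body enforces; only the caller `do_ssl_redirect_if_required` checks for `https`. The POD paragraph describing the routine is deleted later in this commit without a replacement, so a comment at the top of the sub would help, for example `# Redirects to the same path under localconfig urlbase; callers must ensure urlbase is https.` The sub's body continues outside the hunk.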
@@ -707,14 +709,14 @@ sub redirect_to_https { sub redirect_to_urlbase { my $self = shift; my $path = $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1); - print $self->redirect('-location' => correct_urlbase() . $path); + print $self->redirect('-location' => Bugzilla->localconfig->{urlbase} . $path); exit; } sub url_is_attachment_base { my ($self, $id) = @_; return 0 if !use_attachbase() or !i_am_cgi(); - my $attach_base = Bugzilla->params->{'attachment_base'}; + my $attach_base = Bugzilla->localconfig->{'attachment_base'}; # If we're passed an id, we only want one specific attachment base # for a particular bug. If we're not passed an ID, we just want to # know if our current URL matches the attachment_base *pattern*. @@ -860,9 +862,6 @@ As its only argument, it takes the name of the cookie to expire. =item C<redirect_to_https> -This routine redirects the client to the https version of the page that -they're looking at, using the C<sslbase> parameter for the redirection. - Generally you should use L<Bugzilla::Util/do_ssl_redirect_if_required> instead of calling this directly. diff --git a/Bugzilla/Config/Advanced.pm b/Bugzilla/Config/Advanced.pm index d7fdd34aa..dc5be490f 100644 --- a/Bugzilla/Config/Advanced.pm +++ b/Bugzilla/Config/Advanced.pm @@ -17,12 +17,6 @@ our $sortkey = 1700; use constant get_param_list => ( { - name => 'cookiedomain', - type => 't', - default => '' - }, - - { name => 'inbound_proxies', type => 't', default => '', diff --git a/Bugzilla/Config/Attachment.pm b/Bugzilla/Config/Attachment.pm index bc2f45029..c3dbd03ed 100644 --- a/Bugzilla/Config/Attachment.pm +++ b/Bugzilla/Config/Attachment.pm @@ -24,12 +24,6 @@ sub get_param_list { default => 0 }, { - name => 'attachment_base', - type => 't', - default => '', - checker => \&check_urlbase - }, - { name => 'allow_attachment_deletion', type => 'b', default => 0 
@@ -68,7 +62,7 @@ sub get_param_list { sub check_params { my ( $class, $params ) = @_; - return unless $params->{attachment_storage} eq 's3'; + return '' unless $params->{attachment_storage} eq 's3'; if ( $params->{s3_bucket} eq '' || $params->{aws_access_key_id} eq '' diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index 8b1a9da91..fabf7c880 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -23,7 +23,7 @@ use Bugzilla::Status; use base qw(Exporter); @Bugzilla::Config::Common::EXPORT = qw( check_multi check_numeric check_regexp check_url check_group - check_sslbase check_priority check_severity check_platform + check_priority check_severity check_platform check_opsys check_shadowdb check_urlbase check_webdotbase check_user_verify_class check_mail_delivery_method check_notification check_utf8 @@ -81,32 +81,6 @@ sub check_email { return ""; } -sub check_sslbase { - my $url = shift; - if ( $url ne '' ) { - if ( $url !~ m#^https://([^/]+).*/$# ) { - return "must be a legal URL, that starts with https and ends with a slash."; - } - my $host = $1; - - # Fall back to port 443 if for some reason getservbyname() fails. - my $port = getservbyname( 'https', 'tcp' ) || 443; - if ( $host =~ /^(.+):(\d+)$/ ) { - $host = $1; - $port = $2; - } - local *SOCK; - my $proto = getprotobyname('tcp'); - socket( SOCK, PF_INET, SOCK_STREAM, $proto ); - my $iaddr = inet_aton($host) || return "The host $host cannot be resolved"; - my $sin = sockaddr_in( $port, $iaddr ); - if ( !connect( SOCK, $sin ) ) { - return "Failed to connect to $host:$port; unable to enable SSL"; - } - close(SOCK); - } - return ""; -} sub check_utf8 { my $utf8 = shift; diff --git a/Bugzilla/Config/Core.pm b/Bugzilla/Config/Core.pm deleted file mode 100644 index b3848a16e..000000000 --- a/Bugzilla/Config/Core.pm +++ /dev/null 
@@ -1,46 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -package Bugzilla::Config::Core; - -use 5.10.1; -use strict; -use warnings; - -use Bugzilla::Config::Common; - -our $sortkey = 100; - -use constant get_param_list => ( - { - name => 'urlbase', - type => 't', - default => '', - checker => \&check_urlbase - }, - - { - name => 'ssl_redirect', - type => 'b', - default => 0 - }, - - { - name => 'sslbase', - type => 't', - default => '', - checker => \&check_sslbase - }, - - { - name => 'cookiepath', - type => 't', - default => '/' - }, -); - -1; diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index bb87e499e..01b8d7e8e 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -416,9 +416,6 @@ sub FILESYSTEM { "skins/yui3.css" => { perms => CGI_READ, overwrite => 1, contents => $yui3_all_css }, - "robots.txt" => { perms => CGI_READ, - overwrite => 1, - contents => \&robots_txt}, "httpd/env.conf" => { perms => CGI_READ, overwrite => 1, contents => \&HTTPD_ENV_CONF }, @@ -969,15 +966,6 @@ sub _check_web_server_group { return $group_id; } -sub robots_txt { - my $output = ''; - my %vars; - Bugzilla::Hook::process("before_robots_txt", { vars => \%vars }); - Bugzilla->template->process("robots.txt.tmpl", \%vars, \$output) - or die Bugzilla->template->error; - return $output; -} - 1; diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index c1c8fb12e..f877829c5 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -31,6 +31,7 @@ use Tie::Hash::NamedCapture; use Safe; use Term::ANSIColor; use Taint::Util qw(untaint); +use Sys::Hostname qw(hostname); use parent qw(Exporter); 
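Review bot: The added `use Sys::Hostname qw(hostname);` in Localconfig.pm has no visible consumer: none of the lines this commit adds to the file calls `hostname`. If it is meant for a later default (for instance deriving `urlbase`), a comment saying so would help; otherwise the import can be dropped so the module's dependency list stays accurate.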
@@ -122,10 +123,11 @@ use constant LOCALCONFIG_VARS => ( }, { name => 'diffpath', - default => sub { dirname(bin_loc('diff')) }, + default => sub { dirname( bin_loc('diff') ) }, }, { - name => 'site_wide_secret', + name => 'site_wide_secret', + # 64 characters is roughly the equivalent of a 384-bit key, which # is larger than anybody would ever be able to brute-force. default => sub { generate_random_password(64) }, @@ -148,14 +150,23 @@ use constant LOCALCONFIG_VARS => ( }, { name => 'memcached_servers', - default => _migrate_param("memcached_servers", ""), + default => _migrate_param( "memcached_servers", "" ), }, { name => 'memcached_namespace', - default => _migrate_param("memcached_namespace", "bugzilla:"), + default => _migrate_param( "memcached_namespace", "bugzilla:" ), + }, + { + name => 'urlbase', + default => _migrate_param( "urlbase", "" ), }, + { + name => 'attachment_base', + default => _migrate_param( "attachment_base", '' ), + } ); + use constant ENV_KEYS => ( (map { ENV_PREFIX . $_->{name} } LOCALCONFIG_VARS), (map { ENV_PREFIX . $_ } PARAM_OVERRIDE), diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm index 768f68607..6e46d1862 100644 --- a/Bugzilla/Mailer.pm +++ b/Bugzilla/Mailer.pm @@ -104,10 +104,7 @@ sub MessageToMTA { # We add this header to uniquely identify all email that we # send as coming from this Bugzilla installation. # - # We don't use correct_urlbase, because we want this URL to - # *always* be the same for this Bugzilla, in every email, - # even if the admin changes the "ssl_redirect" parameter some day. - $email->header_set('X-Bugzilla-URL', Bugzilla->params->{'urlbase'}); + $email->header_set('X-Bugzilla-URL', Bugzilla->localconfig->{urlbase}); # We add this header to mark the mail as "auto-generated" and # thus to hopefully avoid auto replies. 
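Review bot: The new `urlbase` and `attachment_base` entries in `LOCALCONFIG_VARS` carry no validation, whereas the param definitions this commit removes had `checker => \&check_urlbase`. These values now feed redirects, the cookie path and Secure flag, the CSP source list and the Referer check, and the `ENV_KEYS` list just below suggests they can also be supplied through the environment. Consider running `check_urlbase` (still exported from Bugzilla::Config::Common) on the loaded values during setup. At minimum, document the expected form next to the entries, e.g. `# absolute URL ending in "/"; attachment_base should be a different host from urlbase`.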
@@ -156,7 +153,7 @@ sub MessageToMTA { else { # Sendmail will automatically append our hostname to the From # address, but other mailers won't. - my $urlbase = Bugzilla->params->{'urlbase'}; + my $urlbase = Bugzilla->localconfig->{urlbase}; $urlbase =~ m|//([^:/]+)[:/]?|; $hostname = $1; $from .= "\@$hostname" if $from !~ /@/; @@ -248,7 +245,7 @@ sub build_thread_marker { $user_id = Bugzilla->user->id; } - my $sitespec = '@' . Bugzilla->params->{'urlbase'}; + my $sitespec = '@' . Bugzilla->localconfig->{urlbase}; $sitespec =~ s/:\/\//\./; # Make the protocol look like part of the domain $sitespec =~ s/^([^:\/]+):(\d+)/$1/; # Remove a port number, to relocate if ($2) { diff --git a/Bugzilla/Search/Quicksearch.pm b/Bugzilla/Search/Quicksearch.pm index b28829c3a..6897d2219 100644 --- a/Bugzilla/Search/Quicksearch.pm +++ b/Bugzilla/Search/Quicksearch.pm @@ -266,7 +266,7 @@ sub quicksearch { my $modified_query_string = $cgi->canonicalise_query(@params_to_strip); if ($cgi->param('load')) { - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; # Param 'load' asks us to display the query in the advanced search form. print $cgi->redirect(-uri => "${urlbase}query.cgi?format=advanced&" . $modified_query_string); @@ -315,7 +315,7 @@ sub _bug_numbers_only { if ($searchstring !~ /,/ && !i_am_webservice()) { # Single bug number; shortcut to show_bug.cgi. print $cgi->redirect( - -uri => correct_urlbase() . "show_bug.cgi?id=$searchstring"); + -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$searchstring"); exit; } else { @@ -338,7 +338,7 @@ sub _handle_alias { if ($bug_id && Bugzilla->user->can_see_bug($bug_id) && !i_am_webservice()) { $alias = url_quote($alias); print Bugzilla->cgi->redirect( - -uri => correct_urlbase() . "show_bug.cgi?id=$alias"); + -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$alias"); exit; } } diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 49b7e9435..206f2f3cb 100644 
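Review bot: In `MessageToMTA`, `$hostname = $1` is taken after `$urlbase =~ m|//([^:/]+)[:/]?|` without checking that the match succeeded, so an empty or scheme-less `urlbase` leaves `$hostname` holding whatever `$1` contained from an earlier match. That value is then appended to the From address. A checked form would be `if ($urlbase =~ m|//([^:/]+)[:/]?|) { $hostname = $1; }`. The enclosing `else` block starts outside the hunk.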
--- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -191,9 +191,7 @@ sub quoteUrls { } # Provide tooltips for full bug links (Bug 74355) - my $urlbase_re = '(' . join('|', - map { qr/$_/ } grep($_, Bugzilla->params->{'urlbase'}, - Bugzilla->params->{'sslbase'})) . ')'; + my $urlbase_re = quotemeta(Bugzilla->localconfig->{urlbase}); $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b ~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $user })) && ("\x{FDD2}" . ($count-1) . "\x{FDD3}") @@ -1036,7 +1034,7 @@ sub create { 'sudoer' => sub { return Bugzilla->sudoer; }, # Allow templates to access the "corect" URLBase value - 'urlbase' => sub { return Bugzilla::Util::correct_urlbase(); }, + 'urlbase' => sub { return Bugzilla->localconfig->{urlbase}; }, # Allow templates to access docs url with users' preferred language 'docs_urlbase' => sub { diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index df2f78823..c23e738e6 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm 
@@ -259,34 +259,14 @@ sub i_am_webservice { # (doing so can mess up XML-RPC). sub do_ssl_redirect_if_required { return if !i_am_cgi(); - return if !Bugzilla->params->{'ssl_redirect'}; - - my $sslbase = Bugzilla->params->{'sslbase'}; + my $uri = URI->new(Bugzilla->localconfig->{'urlbase'}); + return if $uri->scheme ne 'https'; # If we're already running under SSL, never redirect. - return if uc($ENV{HTTPS} || '') eq 'ON'; - # Never redirect if there isn't an sslbase. - return if !$sslbase; + return if $ENV{HTTPS} && $ENV{HTTPS} eq 'on'; Bugzilla->cgi->redirect_to_https(); } -sub correct_urlbase { - my $ssl = Bugzilla->params->{'ssl_redirect'}; - my $urlbase = Bugzilla->params->{'urlbase'}; - my $sslbase = Bugzilla->params->{'sslbase'}; - - if (!$sslbase) { - return $urlbase; - } - elsif ($ssl) { - return $sslbase; - } - else { - # Return what the user currently uses. - return (uc($ENV{HTTPS} || '') eq 'ON') ? $sslbase : $urlbase; - } -} - # Returns the real remote address of the client, sub remote_ip { my $remote_ip = $ENV{'REMOTE_ADDR'} || '127.0.0.1'; @@ -383,10 +363,9 @@ sub is_ipv6 { } sub use_attachbase { - my $attachbase = Bugzilla->params->{'attachment_base'}; - return ($attachbase ne '' - && $attachbase ne Bugzilla->params->{'urlbase'} - && $attachbase ne Bugzilla->params->{'sslbase'}) ? 1 : 0; + my $attachbase = Bugzilla->localconfig->{'attachment_base'}; + my $urlbase = Bugzilla->localconfig->{'urlbase'}; + return ($attachbase ne '' && $attachbase ne $urlbase); } sub diff_arrays { @@ -932,7 +911,7 @@ Bugzilla::Util - Generic utility functions for bugzilla # Functions that tell you about your environment my $is_cgi = i_am_cgi(); my $is_webservice = i_am_webservice(); - my $urlbase = correct_urlbase(); + my $urlbase = Bugzilla->localconfig->{urlbase}; # Data manipulation ($removed, $added) = diff_arrays(\@old, \@new); 
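Review bot: In `do_ssl_redirect_if_required`, the already-on-TLS test became case-sensitive: `$ENV{HTTPS} eq 'on'` replaces `uc($ENV{HTTPS} || '') eq 'ON'`, so a server that exports `HTTPS=ON` or `On` would now be redirected on every request. `$uri->scheme` is also undef for an empty `urlbase`, which makes the `ne 'https'` comparison warn. Suggested lines: `return if ( $uri->scheme // '' ) ne 'https';` and `return if lc( $ENV{HTTPS} // '' ) eq 'on';`. With `ssl_redirect` gone there is no switch to turn the redirect off, so a deployment that terminates TLS at a proxy and does not set `HTTPS` for the backend would presumably loop; that case merits a comment or a test.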
@@ -1066,11 +1045,6 @@ in a command-line script. Tells you whether or not the current usage mode is WebServices related such as JSONRPC or XMLRPC. -=item C<correct_urlbase()> - -Returns either the C<sslbase> or C<urlbase> parameter, depending on the -current setting for the C<ssl_redirect> parameter. - =item C<remote_ip()> Returns the IP address of the remote client. If Bugzilla is behind diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 0bd7b4648..093167048 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -149,7 +149,7 @@ sub retrieve_json_from_get { # order to throw proper errors. We use the installation's urlbase as # the id, in this case. else { - $id = correct_urlbase(); + $id = Bugzilla->localconfig->{urlbase}; } # Setting _bz_request_id here is required in case we throw errors early, # before _handle. diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 6e1944061..6fb86fdd4 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -17,7 +17,7 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Hook; -use Bugzilla::Util qw(correct_urlbase html_quote disable_utf8 enable_utf8); +use Bugzilla::Util qw(html_quote disable_utf8 enable_utf8); use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(taint_data fix_credentials); @@ -94,7 +94,7 @@ sub handle { # also set up the correct handler method my $obj = { version => '1.1', - id => correct_urlbase(), + id => Bugzilla->localconfig->{urlbase}, method => $self->bz_method_name, params => $params }; |