From 0514605a98956216ded50969c26b2d78dcf2e260 Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Fri, 19 Oct 2001 04:28:06 +0000
Subject: Bug 60818 - make Bugzilla cope with MIME types with parameters. Patch
 by gerv, r=myk.

---
 bug_form.pl          | 1 +
 createattachment.cgi | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/bug_form.pl b/bug_form.pl
index 5938f3aea..d3311fee5 100644
--- a/bug_form.pl
+++ b/bug_form.pl
@@ -299,6 +299,7 @@ if (Param('useattachmenttracker')) {
         }
         my $link = "showattachment.cgi?attach_id=$attachid";
         $desc = value_quote($desc);
+        $mimetype = html_quote($mimetype);
         print qq{<td><a href="$link">$date</a></td><td colspan=6>$desc&nbsp;&nbsp;&nbsp;($mimetype)</td></tr><tr><td></td>};
     }
     print "<td colspan=7><a href=\"createattachment.cgi?id=$id\">Create a new attachment</a> (proposed patch, testcase, etc.)</td></tr></table>\n";
diff --git a/createattachment.cgi b/createattachment.cgi
index 619abbd26..d665e4498 100755
--- a/createattachment.cgi
+++ b/createattachment.cgi
@@ -84,8 +84,9 @@ What kind of file is this?
     if ($mimetype eq "other") {
         $mimetype = $::FORM{'othertype'};
     }
-    if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+$@) {
-        PuntTryAgain("You must select a legal mime type.  '<tt>$mimetype</tt>' simply will not do.");
+    if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+(;.*)?$@) {
+        PuntTryAgain("You must select a legal mime type.  '<tt>" .
+        html_quote($mimetype) . "</tt>' simply will not do.");
     }
     SendSQL("insert into attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata) values ($id," .
             SqlQuote($::FILENAME{'data'}) . ", " . SqlQuote($desc) . ", " .
-- 
cgit v1.2.3-24-g4f1b