From 0af9c776bc5223556c9140378a7a1ab76d94a7c0 Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Wed, 22 Feb 2012 10:48:50 -0500
Subject: Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the
 XML-RPC API when using mod_perl r/a=LpSolit

---
 Bugzilla/WebService/Server/XMLRPC.pm | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Bugzilla/WebService/Server/XMLRPC.pm')

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 67e7b7555..33a1e92d3 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -73,10 +73,18 @@ use XMLRPC::Lite;
 our @ISA = qw(XMLRPC::Deserializer);
 
 use Bugzilla::Error;
+use Bugzilla::WebService::Constants qw(XMLRPC_CONTENT_TYPE_WHITELIST);
 use Scalar::Util qw(tainted);
 
 sub deserialize {
     my $self = shift;
+
+    # Only allow certain content types to protect against CSRF attacks
+    if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) {
+        ThrowUserError('xmlrpc_illegal_content_type',
+                       { content_type => $ENV{'CONTENT_TYPE'} });
+    }
+
     my ($xml) = @_;
     my $som = $self->SUPER::deserialize(@_);
     if (tainted($xml)) {
-- 
cgit v1.2.3-24-g4f1b