From 0b7cd97e2e75eabee69d663530912e57dd715213 Mon Sep 17 00:00:00 2001
From: Dylan Hardison <dylan@mozilla.com>
Date: Wed, 9 Mar 2016 22:09:53 -0500
Subject: Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page

---
 Bugzilla/Constants.pm | 1 +
 Bugzilla/Template.pm  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index cfa2be909..5f41cd3f6 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -508,6 +508,7 @@ use constant contenttypes =>
    "csv"  => "text/csv" ,
    "png"  => "image/png" ,
    "ics"  => "text/calendar" ,
+   "txt"  => "text/plain",
   };
 
 # Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode.
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 076e654cb..56ebd9c21 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -144,7 +144,7 @@ sub get_format {
         'template'    => $template,
         'format'      => $format,
         'extension'   => $ctype,
-        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype}
+        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype} // 'application/octet-stream',
     };
 }
 
-- 
cgit v1.2.3-24-g4f1b