From 40e28180ebcc7996ff3c8e1a20439c019d6bd6b6 Mon Sep 17 00:00:00 2001 From: Byron Jones Date: Wed, 29 Feb 2012 12:54:01 +0800 Subject: Bug 731219: Fix XMLRPC breakage when content-type contains a charset r=dkl, a=LpSolit --- Bugzilla/WebService/Server/XMLRPC.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Bugzilla') diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 33a1e92d3..e8fb5de99 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -80,7 +80,10 @@ sub deserialize { my $self = shift; # Only allow certain content types to protect against CSRF attacks - if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) { + my $content_type = lc($ENV{'CONTENT_TYPE'}); + # Remove charset, etc, if provided + $content_type =~ s/^([^;]+);.*/$1/; + if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) { ThrowUserError('xmlrpc_illegal_content_type', { content_type => $ENV{'CONTENT_TYPE'} }); } -- cgit v1.2.3-24-g4f1b