From ba0b995c4453d3642e19343fa98f1b4034114f39 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Wed, 15 Aug 2012 17:46:13 -0400 Subject: Bug 779088 - Allow extensions to whitelist PATH_INFO --- Bugzilla/CGI.pm | 13 ++++++++++++- Bugzilla/Hook.pm | 16 ++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) (limited to 'Bugzilla') diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 9d8a1c48f..ce89a9e6d 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -73,11 +73,22 @@ sub new { # Make sure our outgoing cookie list is empty on each invocation $self->{Bugzilla_cookie_list} = []; + # Path-Info is of no use for Bugzilla and interacts badly with IIS. + # Moreover, it causes unexpected behaviors, such as totally breaking + # the rendering of pages. + my $script = basename($0); + if ($self->path_info) { + my @whitelist; + Bugzilla::Hook::process('path_info_whitelist', { whitelist => \@whitelist }); + if (!grep($_ eq $script, @whitelist)) { + print $self->redirect($self->url(-path => 0, -query => 1)); + } + } + # Send appropriate charset $self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : ''); # Redirect to urlbase/sslbase if we are not viewing an attachment. - my $script = basename($0); if ($self->url_is_attachment_base and $script ne 'attachment.cgi') { $self->redirect_to_urlbase(); } diff --git a/Bugzilla/Hook.pm b/Bugzilla/Hook.pm index c658989a0..27d70e7f5 100644 --- a/Bugzilla/Hook.pm +++ b/Bugzilla/Hook.pm @@ -1289,6 +1289,22 @@ your template. =back +=head2 path_info_whitelist + +By default, Bugzilla removes the Path-Info information from URLs before +passing data to CGI scripts. If this information is needed for your +customizations, you can enumerate the pages you want to whitelist here. + +Params: + +=over + +=item C + +An array of script names that will not have their Path-Info automatically +removed. + +=back =head2 post_bug_after_creation -- cgit v1.2.3-24-g4f1b