From f9cd15c79202a50d7c0a3f9aa8de45c2c23cdb49 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Sat, 24 Oct 2009 05:22:45 +0000
Subject: Bug 523495: Re-work attachment.cgi and the general
 attachment_base-checking code to prevent an infinite redirect loop when
 ssl_redirect is on and Bugzilla has an attachment_base set. Patch by Max
 Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit

---
 Bugzilla/CGI.pm | 36 +++++++++++++++++++++++++++---------
 1 file changed, 27 insertions(+), 9 deletions(-)

(limited to 'Bugzilla')

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index c30e13618..8c68f996c 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -28,6 +28,8 @@ use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Util;
 
+use File::Basename;
+
 BEGIN {
     if (ON_WINDOWS) {
         # Help CGI find the correct temp directory as the default list
@@ -71,15 +73,9 @@ sub new {
     $self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : '');
 
     # Redirect to urlbase/sslbase if we are not viewing an attachment.
-    if (use_attachbase() && i_am_cgi()) {
-        my $cgi_file = $self->url('-path_info' => 0, '-query' => 0, '-relative' => 1);
-        $cgi_file =~ s/\?$//;
-        my $urlbase = Bugzilla->params->{'urlbase'};
-        my $sslbase = Bugzilla->params->{'sslbase'};
-        my $path_regexp = $sslbase ? qr/^(\Q$urlbase\E|\Q$sslbase\E)/ : qr/^\Q$urlbase\E/;
-        if ($cgi_file ne 'attachment.cgi' && $self->self_url !~ /$path_regexp/) {
-            $self->redirect_to_urlbase;
-        }
+    my $script = basename($0);
+    if ($self->url_is_attachment_base and $script ne 'attachment.cgi') {
+        $self->redirect_to_urlbase();
     }
 
     # Check for errors
@@ -398,6 +394,28 @@ sub redirect_to_urlbase {
     exit;
 }
 
+sub url_is_attachment_base {
+    my ($self, $id) = @_;
+    return 0 if !use_attachbase() or !i_am_cgi();
+    my $attach_base = Bugzilla->params->{'attachment_base'};
+    # If we're passed an id, we only want one specific attachment base
+    # for a particular bug. If we're not passed an ID, we just want to
+    # know if our current URL matches the attachment_base *pattern*.
+    my $regex;
+    if ($id) {
+        $attach_base =~ s/\%bugid\%/$id/;
+        $regex = quotemeta($attach_base);
+    }
+    else {
+        # In this circumstance we run quotemeta first because we need to
+        # insert an active regex meta-character afterward.
+        $regex = quotemeta($attach_base);
+        $regex =~ s/\\\%bugid\\\%/\\d+/;
+    }
+    $regex = "^$regex";
+    return ($self->self_url =~ $regex) ? 1 : 0;
+}
+
 1;
 
 __END__
-- 
cgit v1.2.3-24-g4f1b