From 4d855c238fe9d98cde01aab62ecf17253ed20e4e Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Wed, 19 Aug 2015 12:59:52 +0800
Subject: Bug 1195544 - Information Disclosure Vulnerability Permits Attacker Obtains The GitHub OAUTH Return Code
---
 attachment.cgi | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'attachment.cgi')
diff --git a/attachment.cgi b/attachment.cgi
index d27c89e9f..78023560d 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -315,6 +315,8 @@ sub get_attachment {
     # Replace %bugid% by the ID of the bug the attachment
     # belongs to, if present.
     $attachbase =~ s/\%bugid\%/$bug_id/;
+    # To avoid leaking information we redirect using the attachment ID only
+    $path = 'attachment.cgi?' . join('&', map { 'id=' . $attachments{$_}->id } keys %attachments);
     if (all_attachments_are_public(\%attachments)) {
         # No need for a token; redirect to attachment base.
         print $cgi->redirect(-location => $attachbase . $path);
-- 
cgit v1.2.3-24-g4f1b
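Review bot: The added `$path` line builds the redirect query from `keys %attachments` in hash order, so the `id=` parameters come out in a different order from one request to the next; `sort { $a <=> $b } keys %attachments` would give a stable URL, which helps log correlation and any caching in front of the attachment base. The new comment should also say what is being avoided rather than just "leaking information": something like `# Build the redirect query from the attachment IDs alone rather than echoing the request's query string, so no other request parameters are forwarded to the attachment base domain` records the reason `$path` is overwritten here without the reader having to look up the bug. The original assignment of `$path` and the rest of get_attachment lie outside the hunk, so whether any later code still expects the previous value cannot be confirmed from this diff.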