author | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-22 10:48:50 -0500 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2012-02-22 10:48:50 -0500 |
commit | 0af9c776bc5223556c9140378a7a1ab76d94a7c0 (patch) | |
tree | d3c98ddad84d0016185362998f7ea6d7bd6141d7 /Bugzilla/WebService/Constants.pm | |
parent | a50a0814289d7a27acfb6e7ae6308bea5faa072e (diff) | |
Bug 725663 - (CVE-2012-0453) [SECURITY] CSRF vulnerability in the XML-RPC API when using mod_perl
r/a=LpSolit
Diffstat (limited to 'Bugzilla/WebService/Constants.pm')
-rw-r--r-- | Bugzilla/WebService/Constants.pm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index c2eaa0cb2..491970291 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -14,6 +14,7 @@ our @EXPORT = qw(
 WS_ERROR_CODE
 ERROR_UNKNOWN_FATAL
 ERROR_UNKNOWN_TRANSIENT
+ XMLRPC_CONTENT_TYPE_WHITELIST
 WS_DISPATCH
 );
@@ -162,6 +163,8 @@ use constant WS_ERROR_CODE => {
 unknown_method => -32601,
 json_rpc_post_only => 32610,
 json_rpc_invalid_callback => 32611,
+ xmlrpc_illegal_content_type => 32612,
+ json_rpc_illegal_content_type => 32613,
 };
 # These are the fallback defaults for errors not in ERROR_CODE.
@@ -170,6 +173,11 @@ use constant ERROR_UNKNOWN_TRANSIENT => 32000;
 use constant ERROR_GENERAL => 999;
+use constant XMLRPC_CONTENT_TYPE_WHITELIST => qw(
+ text/xml
+ application/xml
+);
+
 sub WS_DISPATCH {
 # We "require" here instead of "use" above to avoid a dependency loop.
 require Bugzilla::Hook; |
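Review bot: `json_rpc_illegal_content_type` gets an error code in the WS_ERROR_CODE hunk, but this file adds a whitelist constant only for XML-RPC. The diffstat is limited to Constants.pm, so the accepted JSON-RPC content types may be defined in another file of the commit; if they are written inline at the check, a constant beside `XMLRPC_CONTENT_TYPE_WHITELIST` would keep both policies in one reviewable place. A one-line comment above the two new entries, e.g. `# Request rejected: Content-Type not accepted for this API`, would also tell client authors what 32612 and 32613 mean.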
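Review bot: `XMLRPC_CONTENT_TYPE_WHITELIST` in the last hunk is added without a comment saying why only these two types are accepted, and that reason is the security property of the fix. I would add above it `# Content types accepted for XML-RPC requests. An HTML form cannot submit these types cross-site, so rejecting everything else blocks form-based CSRF (bug 725663).` The code that consumes the list is outside this file; it should compare only the media type, lowercased and with parameters stripped, since clients commonly send `text/xml; charset=UTF-8`. Tests should also cover a request with no Content-Type header, which should be rejected rather than treated as a match.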