diff options
| author | Byron Jones <bjones@mozilla.com> | 2012-02-29 12:54:01 +0800 |
|---|---|---|
| committer | Byron Jones <bjones@mozilla.com> | 2012-02-29 12:54:01 +0800 |
| commit | 40e28180ebcc7996ff3c8e1a20439c019d6bd6b6 (patch) | |
| tree | 285e2480782b07e91054d81e35c2e8942512e857 /Bugzilla | |
| parent | ec2e4a0902dcfcde12af568fa40f70bdd6114b0e (diff) | |
| download | bugs-40e28180ebcc7996ff3c8e1a20439c019d6bd6b6.tar bugs-40e28180ebcc7996ff3c8e1a20439c019d6bd6b6.tar.gz bugs-40e28180ebcc7996ff3c8e1a20439c019d6bd6b6.tar.bz2 bugs-40e28180ebcc7996ff3c8e1a20439c019d6bd6b6.tar.xz bugs-40e28180ebcc7996ff3c8e1a20439c019d6bd6b6.zip | |
Bug 731219: Fix XMLRPC breakage when content-type contains a charset
r=dkl, a=LpSolit
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 33a1e92d3..e8fb5de99 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -80,7 +80,10 @@ sub deserialize { my $self = shift; # Only allow certain content types to protect against CSRF attacks - if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) { + my $content_type = lc($ENV{'CONTENT_TYPE'}); + # Remove charset, etc, if provided + $content_type =~ s/^([^;]+);.*/$1/; + if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) { ThrowUserError('xmlrpc_illegal_content_type', { content_type => $ENV{'CONTENT_TYPE'} }); } |