From 6896e0469c6d9fd22252e2959da8bacb5ca99aa9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?=
Date: Mon, 21 Mar 2016 23:18:07 +0100
Subject: Bug 1255619: CGI scripts should not send duplicated headers r/a=dkl
---
Bugzilla/CGI.pm | 5 +++--
editclassifications.cgi | 2 --
editgroups.cgi | 18 ++++--------------
editkeywords.cgi | 18 ------------------
4 files changed, 7 insertions(+), 36 deletions(-)
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 0b8a48697..44c089a20 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -66,7 +66,7 @@ sub new { # else we will be redirected outside Bugzilla. my $script_name = $self->script_name; $path_info =~ s/^\Q$script_name\E//; - if ($path_info) { + if ($script_name && $path_info) { print $self->redirect($self->url(-path => 0, -query => 1)); } }
@@ -283,7 +283,7 @@ sub close_standby_message { print $self->multipart_end(); print $self->multipart_start(-type => $contenttype); } - else { + elsif (!$self->{_header_done}) { print $self->header($contenttype); } }
@@ -356,6 +356,7 @@ sub header { Bugzilla::Hook::process('cgi_headers', { cgi => $self, headers => \%headers } ); + $self->{_header_done} = 1; return $self->SUPER::header(%headers) || ""; }
diff --git a/editclassifications.cgi b/editclassifications.cgi
index ea4b139da..640b8b8cd 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -27,7 +27,6 @@ local our $vars = {}; sub LoadTemplate { my $action = shift; - my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; $vars->{'classifications'} = [Bugzilla::Classification->get_all]
@@ -37,7 +37,6 @@ sub LoadTemplate { $action =~ /(\w+)/; $action = $1; - print $cgi->header(); $template->process("admin/classifications/$action.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
diff --git a/editgroups.cgi b/editgroups.cgi
index 35989b954..f2c915556 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
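Review bot: In Bugzilla/CGI.pm, the `new` hunk (@@ -66) adds a `$script_name &&` guard without recording why an empty script name should skip the redirect. The comment kept above it says the redirect exists so that the request is not "redirected outside Bugzilla", so when `script_name` is empty and PATH_INFO is set, that protection is now silently not applied and the extra path info stays on the request. If the empty case only arises outside a normal web request, a comment such as `# No script name (e.g. not invoked through the web server): nothing to strip, so do not redirect.` would make the assumption explicit; otherwise the empty case probably needs its own handling. The body of `new` starts and ends outside the hunk.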
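Review bot: In Bugzilla/CGI.pm, `_header_done` is set in `header()` (@@ -356) on every call, but only `close_standby_message()` (@@ -283) reads it. `header()` itself still returns a full header block on a second call, so a script that prints it twice still emits the second block, presumably into the response body along with whatever the `cgi_headers` hook added; the rest of this commit removes such calls by hand. The flag also records that headers were built rather than printed, so a caller that calls `header()` without printing the result would make `close_standby_message()` skip its header. I would document this where the flag is set, e.g. `# Set when headers are generated; close_standby_message() checks it to avoid sending them twice.`, and consider whether `header()` should consult the flag as well. Both functions extend beyond their hunks.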
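Review bot: In editclassifications.cgi, `LoadTemplate` (@@ -37) still builds the template path from `$action` after `$action =~ /(\w+)/; $action = $1;`, and the result of the match is never checked. If the match fails, `$1` keeps whatever an earlier successful match left (or is undefined), and because the pattern is unanchored a value such as `a/b` is quietly reduced to `a` instead of being rejected. The callers are outside the hunk and may only pass fixed action names, but since this value selects the file in `admin/classifications/$action.html.tmpl`, an anchored and checked form is safer: `if ($action =~ /\A(\w+)\z/) { $action = $1; }` with the script's usual error path on the else branch.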
@@ -135,8 +135,7 @@ sub get_current_and_available { unless ($action) { my @groups = Bugzilla::Group->get_all; $vars->{'groups'} = \@groups; - - print $cgi->header(); + $template->process("admin/groups/list.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -155,12 +154,10 @@ if ($action eq 'changeform') { get_current_and_available($group, $vars); $vars->{'group'} = $group; - $vars->{'token'} = issue_session_token('edit_group'); + $vars->{'token'} = issue_session_token('edit_group'); - print $cgi->header(); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; }
@@ -172,10 +169,9 @@ if ($action eq 'changeform') { if ($action eq 'add') { $vars->{'token'} = issue_session_token('add_group'); - print $cgi->header(); + $template->process("admin/groups/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; }
@@ -204,7 +200,6 @@ if ($action eq 'new') { get_current_and_available($group, $vars); $vars->{'token'} = issue_session_token('edit_group'); - print $cgi->header(); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -228,10 +223,8 @@ if ($action eq 'del') { $vars->{'group'} = $group; $vars->{'token'} = issue_session_token('delete_group'); - print $cgi->header(); $template->process("admin/groups/delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; }
@@ -255,7 +248,6 @@ if ($action eq 'delete') { $vars->{'message'} = 'group_deleted'; $vars->{'groups'} = [Bugzilla::Group->get_all]; - print $cgi->header(); $template->process("admin/groups/list.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -277,7 +269,6 @@ if ($action eq 'postchanges') { $vars->{'changes'} = $changes; $vars->{'token'} = issue_session_token('edit_group'); - print $cgi->header(); $template->process("admin/groups/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -288,6 +279,7 @@ if ($action eq 'confirm_remove') { $vars->{'group'} = $group; $vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp')); $vars->{'token'} = issue_session_token('remove_group_members'); + $template->process('admin/groups/confirm-remove.html.tmpl', $vars) || ThrowTemplateError($template->error()); exit;
@@ -326,10 +318,8 @@ if ($action eq 'remove_regexp') { $vars->{'group'} = $group->name; $vars->{'groups'} = [Bugzilla::Group->get_all]; - print $cgi->header(); $template->process("admin/groups/list.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; }
diff --git a/editkeywords.cgi b/editkeywords.cgi
index 41496f362..01f30dbed 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -24,10 +24,6 @@ my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; my $vars = {}; -# -# Preliminary checks: -# - my $user = Bugzilla->login(LOGIN_REQUIRED); print $cgi->header();
@@ -47,22 +43,16 @@ $vars->{'action'} = $action; if ($action eq "") { $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count(); - print $cgi->header(); $template->process("admin/keywords/list.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; } - if ($action eq 'add') { $vars->{'token'} = issue_session_token('add_keyword'); - print $cgi->header(); - $template->process("admin/keywords/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); - exit; }
@@ -79,8 +69,6 @@ if ($action eq 'new') { delete_token($token); - print $cgi->header(); - $vars->{'message'} = 'keyword_created'; $vars->{'name'} = $keyword->name; $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
@@ -104,7 +92,6 @@ if ($action eq 'edit') { $vars->{'keyword'} = $keyword; $vars->{'token'} = issue_session_token('edit_keyword'); - print $cgi->header(); $template->process("admin/keywords/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -128,8 +115,6 @@ if ($action eq 'update') { delete_token($token); - print $cgi->header(); - $vars->{'message'} = 'keyword_updated'; $vars->{'keyword'} = $keyword; $vars->{'changes'} = $changes;
@@ -147,7 +132,6 @@ if ($action eq 'del') { $vars->{'keyword'} = $keyword; $vars->{'token'} = issue_session_token('delete_keyword'); - print $cgi->header(); $template->process("admin/keywords/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit;
@@ -162,8 +146,6 @@ if ($action eq 'delete') { delete_token($token); - print $cgi->header(); - $vars->{'message'} = 'keyword_deleted'; $vars->{'keyword'} = $keyword; $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
-- cgit v1.2.1