diff options
| author |   Hugo Seabrook <hugo.seabrook@gmail.com> | 2013-02-16 23:23:14 +0100 |
|---|---|---|
| committer |   Frédéric Buclin <LpSolit@gmail.com> | 2013-02-16 23:23:14 +0100 |
| commit | 81c26ce64c05a0c4a7b800f5212412e96fb2e4cc (patch) | |
| tree | 471a9151d25791fc3930f8eabcff5b204f824fbc | |
| parent | Bug 840824: It is possible to create a new bug with a non active target miles... (diff) | |
| download | bugzilla-81c26ce64c05a0c4a7b800f5212412e96fb2e4cc.tar.gz bugzilla-81c26ce64c05a0c4a7b800f5212412e96fb2e4cc.tar.bz2 bugzilla-81c26ce64c05a0c4a7b800f5212412e96fb2e4cc.zip | |
Bug 825758: Most Bugzilla::BugUrl::* modules incorrectly validate the domain name
r/a=LpSolit
| -rw-r--r-- | Bugzilla/BugUrl/Debian.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/BugUrl/GitHub.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/BugUrl/Google.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/BugUrl/Launchpad.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/BugUrl/SourceForge.pm | 2 | ||||
| -rw-r--r-- | extensions/MoreBugUrl/lib/GetSatisfaction.pm | 2 | ||||
| -rw-r--r-- | extensions/MoreBugUrl/lib/PHP.pm | 4 | ||||
| -rw-r--r-- | extensions/MoreBugUrl/lib/RT.pm | 2 |
8 files changed, 9 insertions, 9 deletions
diff --git a/Bugzilla/BugUrl/Debian.pm b/Bugzilla/BugUrl/Debian.pm index 78397bdd9..cce4c25fd 100644 --- a/Bugzilla/BugUrl/Debian.pm +++ b/Bugzilla/BugUrl/Debian.pm @@ -19,7 +19,7 @@ sub should_handle { # Debian BTS URLs can look like various things: # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1234 # http://bugs.debian.org/1234 - return ($uri->authority =~ /^bugs.debian.org$/i + return (lc($uri->authority) eq 'bugs.debian.org' and (($uri->path =~ /bugreport\.cgi$/ and $uri->query_param('bug') =~ m|^\d+$|) or $uri->path =~ m|^/\d+$|)) ? 1 : 0; diff --git a/Bugzilla/BugUrl/GitHub.pm b/Bugzilla/BugUrl/GitHub.pm index 63be65bed..eeffa2ed6 100644 --- a/Bugzilla/BugUrl/GitHub.pm +++ b/Bugzilla/BugUrl/GitHub.pm @@ -18,7 +18,7 @@ sub should_handle { # GitHub issue URLs have only one form: # https://github.com/USER_OR_TEAM_OR_ORGANIZATION_NAME/REPOSITORY_NAME/issues/111 - return ($uri->authority =~ /^github.com$/i + return (lc($uri->authority) eq 'github.com' and $uri->path =~ m|^/[^/]+/[^/]+/issues/\d+$|) ? 1 : 0; } diff --git a/Bugzilla/BugUrl/Google.pm b/Bugzilla/BugUrl/Google.pm index 8b8638c7a..9c49f0dcc 100644 --- a/Bugzilla/BugUrl/Google.pm +++ b/Bugzilla/BugUrl/Google.pm @@ -18,7 +18,7 @@ sub should_handle { # Google Code URLs only have one form: # http(s)://code.google.com/p/PROJECT_NAME/issues/detail?id=1234 - return ($uri->authority =~ /^code.google.com$/i + return (lc($uri->authority) eq 'code.google.com' and $uri->path =~ m|^/p/[^/]+/issues/detail$| and $uri->query_param('id') =~ /^\d+$/) ? 1 : 0; } diff --git a/Bugzilla/BugUrl/Launchpad.pm b/Bugzilla/BugUrl/Launchpad.pm index 87fb71a5d..2ae2c383d 100644 --- a/Bugzilla/BugUrl/Launchpad.pm +++ b/Bugzilla/BugUrl/Launchpad.pm @@ -20,7 +20,7 @@ sub should_handle { # https://bugs.launchpad.net/ubuntu/+bug/1234 # https://launchpad.net/bugs/1234 # All variations end with either "/bugs/1234" or "/+bug/1234" - return ($uri->authority =~ /launchpad.net$/ + return ($uri->authority =~ /launchpad\.net$/ and $uri->path =~ m|bugs?/\d+$|) ? 1 : 0; } diff --git a/Bugzilla/BugUrl/SourceForge.pm b/Bugzilla/BugUrl/SourceForge.pm index 11cdd0ff1..fcc720049 100644 --- a/Bugzilla/BugUrl/SourceForge.pm +++ b/Bugzilla/BugUrl/SourceForge.pm @@ -18,7 +18,7 @@ sub should_handle { # SourceForge tracker URLs have only one form: # http://sourceforge.net/tracker/?func=detail&aid=111&group_id=111&atid=111 - return ($uri->authority =~ /^sourceforge.net$/i + return (lc($uri->authority) eq 'sourceforge.net' and $uri->path =~ m|/tracker/| and $uri->query_param('func') eq 'detail' and $uri->query_param('aid') diff --git a/extensions/MoreBugUrl/lib/GetSatisfaction.pm b/extensions/MoreBugUrl/lib/GetSatisfaction.pm index ff63b10e1..e4548563f 100644 --- a/extensions/MoreBugUrl/lib/GetSatisfaction.pm +++ b/extensions/MoreBugUrl/lib/GetSatisfaction.pm @@ -18,7 +18,7 @@ sub should_handle { # GetSatisfaction URLs only have one form: # http(s)://getsatisfaction.com/PROJECT_NAME/topics/TOPIC_NAME - return ($uri->authority =~ /^getsatisfaction.com$/i + return (lc($uri->authority) eq 'getsatisfaction.com' and $uri->path =~ m|^/[^/]+/topics/[^/]+$|) ? 1 : 0; } diff --git a/extensions/MoreBugUrl/lib/PHP.pm b/extensions/MoreBugUrl/lib/PHP.pm index c8d4e1689..c17a49998 100644 --- a/extensions/MoreBugUrl/lib/PHP.pm +++ b/extensions/MoreBugUrl/lib/PHP.pm @@ -18,8 +18,8 @@ sub should_handle { # PHP Bug URLs have only one form: # https://bugs.php.net/bug.php?id=1234 - return ($uri->authority =~ /^bugs.php.net$/i - and $uri->path =~ m|/bug.php$| + return (lc($uri->authority) eq 'bugs.php.net' + and $uri->path =~ m|/bug\.php$| and $uri->query_param('id') =~ /^\d+$/) ? 1 : 0; } diff --git a/extensions/MoreBugUrl/lib/RT.pm b/extensions/MoreBugUrl/lib/RT.pm index 0d5faa2a8..724c773a2 100644 --- a/extensions/MoreBugUrl/lib/RT.pm +++ b/extensions/MoreBugUrl/lib/RT.pm @@ -19,7 +19,7 @@ sub should_handle { # RT URLs can look like various things: # http://example.com/rt/Ticket/Display.html?id=1234 # https://example.com/Public/Bug/Display.html?id=1234 - return ($uri->path =~ m|/Display.html$| + return ($uri->path =~ m|/Display\.html$| and $uri->query_param('id') =~ /^\d+$/) ? 1 : 0; } |