Bug 60818 - make Bugzilla cope with MIME types with parameters. Patch by gerv, r...

diff --git a/bug_form.pl b/bug_form.pl
index 5938f3aeaed4a8c5cbd5b423ea5dafce1c5d73e3..d3311fee5bdfc161876f8e2ba11acf95515e2118 100644 (file)
--- a/bug_form.pl
+++ b/bug_form.pl
@@ -299,6 +299,7 @@ if (Param('useattachmenttracker')) {
         }
         my $link = "showattachment.cgi?attach_id=$attachid";
         $desc = value_quote($desc);
+        $mimetype = html_quote($mimetype);
         print qq{<td><a href="$link">$date</a></td><td colspan=6>$desc&nbsp;&nbsp;&nbsp;($mimetype)</td></tr><tr><td></td>};
     }
     print "<td colspan=7><a href=\"createattachment.cgi?id=$id\">Create a new attachment</a> (proposed patch, testcase, etc.)</td></tr></table>\n";

diff --git a/createattachment.cgi b/createattachment.cgi
index 619abbd262fdab8317bd90e72dc48c4349faf104..d665e4498e16b958bca8e54297c09f9ed4d3a2b6 100755 (executable)
--- a/createattachment.cgi
+++ b/createattachment.cgi
@@ -84,8 +84,9 @@ What kind of file is this?
     if ($mimetype eq "other") {
         $mimetype = $::FORM{'othertype'};
     }
-    if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+$@) {
-        PuntTryAgain("You must select a legal mime type.  '<tt>$mimetype</tt>' simply will not do.");
+    if ($mimetype !~ m@^(\w|-|\+|\.)+/(\w|-|\+|\.)+(;.*)?$@) {
+        PuntTryAgain("You must select a legal mime type.  '<tt>" .
+        html_quote($mimetype) . "</tt>' simply will not do.");
     }
     SendSQL("insert into attachments (bug_id, filename, description, mimetype, ispatch, submitter_id, thedata) values ($id," .
             SqlQuote($::FILENAME{'data'}) . ", " . SqlQuote($desc) . ", " .