Bug 1254542 - Reflected XSS in comment-remo-form-payment.txt page

author Dylan Hardison <dylan@mozilla.com>

Thu, 10 Mar 2016 03:09:53 +0000 (22:09 -0500)

committer Dylan Hardison <dylan@mozilla.com>

Thu, 10 Mar 2016 03:10:17 +0000 (22:10 -0500)
author Dylan Hardison <dylan@mozilla.com>
Thu, 10 Mar 2016 03:09:53 +0000 (22:09 -0500)
committer Dylan Hardison <dylan@mozilla.com>
Thu, 10 Mar 2016 03:10:17 +0000 (22:10 -0500)
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm

index cfa2be909875cb89593f086fcd9efbda87777260..5f41cd3f6a0d093fe375a2fc7b147482a5d85c1d 100644 (file)
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -508,6 +508,7 @@ use constant contenttypes =>
     "csv"  => "text/csv" ,
     "png"  => "image/png" ,
     "ics"  => "text/calendar" ,
+   "txt"  => "text/plain",
    };
  
  # Usage modes. Default USAGE_MODE_BROWSER. Use with Bugzilla->usage_mode.
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm

index 076e654cb3c1114a131cc3fb1e24b7bca95cf199..56ebd9c21399090a692b0d3ffe071aaeb53de1a3 100644 (file)
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -144,7 +144,7 @@ sub get_format {
          'template'    => $template,
          'format'      => $format,
          'extension'   => $ctype,
-        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype}
+        'ctype'       => Bugzilla::Constants::contenttypes->{$ctype} // 'application/octet-stream',
      };
  }
author	Dylan Hardison <dylan@mozilla.com>
	Thu, 10 Mar 2016 03:09:53 +0000 (22:09 -0500)
committer	Dylan Hardison <dylan@mozilla.com>
	Thu, 10 Mar 2016 03:10:17 +0000 (22:10 -0500)
Bugzilla/Constants.pm		patch \| blob \| blame \| history
Bugzilla/Template.pm		patch \| blob \| blame \| history