$answer{'cvsbin'} = '/usr/bin/cvs';
$answer{'diffpath'} = '/usr/bin';
$answer{'interdiffbin'} = '/usr/bin/interdiff';
-$answer{'urlbase'} = 'http://<<HOSTNAME>>:8000/bmo/';
BMO_db_name: bugs
BMO_memcached_servers: localhost:11211
BMO_memcached_namespace: "bugzilla:"
+ BMO_urlbase: AUTOMATIC
+ HTTPD_StartServers: 1
+ HTTPD_MinSpareServers: 1
+ HTTPD_MaxSpareServers: 1
+ HTTPD_ServerLimit: 1
+ HTTPD_MaxClients: 1
+ HTTPD_MaxRequestsPerChild: 4000
mysql_env: &mysql_env
MYSQL_DATABASE: bugs
default_qa_setup: &default_qa_setup
run:
+ name: default qa setup
command: |
mv /opt/bmo/local /app/local
- perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_CONF_FILE
- perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE
+ perl -MSys::Hostname -i -pE 's/bmo.test/hostname() . ":$ENV{PORT}"/ges' $BZ_QA_CONF_FILE
perl checksetup.pl --no-database --default-localconfig
mkdir artifacts
-t bmo .
- deploy:
command: |
- docker build -t bmo .
if [[ -n "$DOCKERHUB_REPO" && -n "$DOCKER_USER" && -n "$DOCKER_PASS" ]]; then
TAG="${CIRCLE_TAG:-$CIRCLE_BRANCH}"
if [[ $TAG == "master" ]]; then
- run: |
mv /opt/bmo/local /app/local
perl checksetup.pl --no-database
- perl -MSys::Hostname -i -pE 's/bmo.test/hostname().":8000"/ges' $BZ_QA_ANSWERS_FILE
/app/scripts/entrypoint.pl load_test_data
mkdir artifacts
- - run: |
- BZ_BASE_URL="http://$(hostname):$PORT"
- export BZ_BASE_URL
- /app/scripts/entrypoint.pl test_bmo -q -f t/bmo/*.t
+ - run: /app/scripts/entrypoint.pl test_bmo -q -f t/bmo/*.t
- store_artifacts:
path: /app/logs
requires:
- test_sanity
- test_bmo
- - test_webservices
\ No newline at end of file
+ - test_webservices
# heartbeat.cgi returns 200 if the DB and memcached are both working, and 500 otherwise.
RewriteRule ^__heartbeat__$ heartbeat.cgi [L]
+RewriteRule ^robots\.txt$ robots.cgi [L]
+
# New single page interface for filing bugs
RewriteRule ^new[-_]bug$ new_bug.cgi [L,QSA]
#perltidyrc = .perltidyrc
[InputOutput::RequireCheckedSyscalls]
functions = :builtins
-exclude_functions = print say binmode
+exclude_functions = print say sleep binmode
[-BuiltinFunctions::ProhibitUselessTopic]
[-ControlStructures::ProhibitCascadingIfElse]
[-Modules::RequireVersionVar]
[-References::ProhibitDoubleSigils]
[-RegularExpressions::ProhibitComplexRegexes]
+[-RegularExpressions::RequireDotMatchAnything]
+[-RegularExpressions::RequireLineBoundaryMatching]
[-RegularExpressions::RequireExtendedFormatting]
[-Subroutines::ProhibitExcessComplexity]
[-ValuesAndExpressions::ProhibitConstantPragma]
[-ValuesAndExpressions::ProhibitEmptyQuotes]
[-ValuesAndExpressions::ProhibitMagicNumbers]
+[-ValuesAndExpressions::ProhibitNoisyQuotes]
+[-ValuesAndExpressions::ProhibitNoisyQuotes]
[-ValuesAndExpressions::ProhibitVersionStrings]
[-Variables::ProhibitLocalVars]
[-Variables::ProhibitPackageVars]
-[-ValuesAndExpressions::ProhibitNoisyQuotes]
# this policy is broken currently
[-Freenode::PackageMatchesFilename]
my $self_url = trim($cgi->self_url);
my $sig_type = 'prev_url:' . $authenticated_user->id;
my $self_url_sig = issue_hash_sig($sig_type, $self_url);
- my $redir_url = URI->new( correct_urlbase() . "reset_password.cgi" );
+ my $redir_url = URI->new( Bugzilla->localconfig->{urlbase} . "reset_password.cgi" );
$redir_url->query_form(prev_url => $self_url, prev_url_sig => $self_url_sig);
print $cgi->redirect($redir_url);
exit;
# Attachments are served from a separate host (ideally), and so
# an evil attachment cannot abuse this check with a redirect.
elsif (my $referer = $cgi->referer) {
- my $urlbase = correct_urlbase();
+ my $urlbase = Bugzilla->localconfig->{urlbase};
$valid = 1 if $referer =~ /^\Q$urlbase\E/;
}
# If the web browser doesn't accept cookies and the Referer header
sub local_uri {
my ($self, $bug_id) = @_;
$bug_id ||= '';
- return correct_urlbase() . "show_bug.cgi?id=$bug_id";
+ return Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$bug_id";
}
1;
# Because show_bug code lives in many different .cgi files,
# we needed a centralized place to define the policy.
# normally the policy would just live in one .cgi file.
-# Additionally, correct_urlbase() cannot be called at compile time, so this can't be a constant.
+# Additionally, Bugzilla->localconfig->{urlbase} cannot be called at compile time, so this can't be a constant.
sub SHOW_BUG_MODAL_CSP {
my ($bug_id) = @_;
my %policy = (
script_src => ['self', 'nonce', 'unsafe-inline', 'unsafe-eval', 'https://www.google-analytics.com' ],
- object_src => [correct_urlbase() . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"],
+ object_src => [Bugzilla->localconfig->{urlbase} . "extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf"],
img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ],
connect_src => [
'self',
],
);
if (use_attachbase() && $bug_id) {
- my $attach_base = Bugzilla->params->{'attachment_base'};
+ my $attach_base = Bugzilla->localconfig->{'attachment_base'};
$attach_base =~ s/\%bugid\%/$bug_id/g;
push @{ $policy{img_src} }, $attach_base;
}
# Send appropriate charset
$self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : '');
- # Redirect to urlbase/sslbase if we are not viewing an attachment.
+ # Redirect to urlbase if we are not viewing an attachment.
if ($self->url_is_attachment_base and $script ne 'attachment.cgi') {
$self->redirect_to_urlbase();
}
sub target_uri {
my ($self) = @_;
- my $base = correct_urlbase();
+ my $base = Bugzilla->localconfig->{urlbase};
if (my $request_uri = $self->request_uri) {
my $base_uri = URI->new($base);
$base_uri->path('');
}
# Add the default path and the domain in.
- $paramhash{'-path'} = Bugzilla->params->{'cookiepath'};
- $paramhash{'-domain'} = Bugzilla->params->{'cookiedomain'}
- if Bugzilla->params->{'cookiedomain'};
+ state $uri = URI->new( Bugzilla->localconfig->{urlbase} );
+ $paramhash{'-path'} = $uri->path;
+ # we don't set the domain.
$paramhash{'-secure'} = 1
- if Bugzilla->params->{'ssl_redirect'};
+ if lc( $uri->scheme ) eq 'https';
+
# Move the param list back into an array for the call to cookie().
foreach (keys(%paramhash)) {
sub redirect_to_https {
my $self = shift;
- my $sslbase = Bugzilla->params->{'sslbase'};
+ my $urlbase = Bugzilla->localconfig->{'urlbase'};
+
# If this is a POST, we don't want ?POSTDATA in the query string.
# We expect the client to re-POST, which may be a violation of
# the HTTP spec, but the only time we're expecting it often is
# in the WebService, and WebService clients usually handle this
# correctly.
$self->delete('POSTDATA');
- my $url = $sslbase . $self->url('-path_info' => 1, '-query' => 1,
+ my $url = $urlbase . $self->url('-path_info' => 1, '-query' => 1,
'-relative' => 1);
# XML-RPC clients (SOAP::Lite at least) require a 301 to redirect properly
sub redirect_to_urlbase {
my $self = shift;
my $path = $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1);
- print $self->redirect('-location' => correct_urlbase() . $path);
+ print $self->redirect('-location' => Bugzilla->localconfig->{urlbase} . $path);
exit;
}
sub url_is_attachment_base {
my ($self, $id) = @_;
return 0 if !use_attachbase() or !i_am_cgi();
- my $attach_base = Bugzilla->params->{'attachment_base'};
+ my $attach_base = Bugzilla->localconfig->{'attachment_base'};
# If we're passed an id, we only want one specific attachment base
# for a particular bug. If we're not passed an ID, we just want to
# know if our current URL matches the attachment_base *pattern*.
=item C<redirect_to_https>
-This routine redirects the client to the https version of the page that
-they're looking at, using the C<sslbase> parameter for the redirection.
-
Generally you should use L<Bugzilla::Util/do_ssl_redirect_if_required>
instead of calling this directly.
our $sortkey = 1700;
use constant get_param_list => (
- {
- name => 'cookiedomain',
- type => 't',
- default => ''
- },
-
{
name => 'inbound_proxies',
type => 't',
type => 'b',
default => 0
},
- {
- name => 'attachment_base',
- type => 't',
- default => '',
- checker => \&check_urlbase
- },
{
name => 'allow_attachment_deletion',
type => 'b',
sub check_params {
my ( $class, $params ) = @_;
- return unless $params->{attachment_storage} eq 's3';
+ return '' unless $params->{attachment_storage} eq 's3';
if ( $params->{s3_bucket} eq ''
|| $params->{aws_access_key_id} eq ''
use base qw(Exporter);
@Bugzilla::Config::Common::EXPORT = qw(
check_multi check_numeric check_regexp check_url check_group
- check_sslbase check_priority check_severity check_platform
+ check_priority check_severity check_platform
check_opsys check_shadowdb check_urlbase check_webdotbase
check_user_verify_class
check_mail_delivery_method check_notification check_utf8
return "";
}
-sub check_sslbase {
- my $url = shift;
- if ( $url ne '' ) {
- if ( $url !~ m#^https://([^/]+).*/$# ) {
- return "must be a legal URL, that starts with https and ends with a slash.";
- }
- my $host = $1;
-
- # Fall back to port 443 if for some reason getservbyname() fails.
- my $port = getservbyname( 'https', 'tcp' ) || 443;
- if ( $host =~ /^(.+):(\d+)$/ ) {
- $host = $1;
- $port = $2;
- }
- local *SOCK;
- my $proto = getprotobyname('tcp');
- socket( SOCK, PF_INET, SOCK_STREAM, $proto );
- my $iaddr = inet_aton($host) || return "The host $host cannot be resolved";
- my $sin = sockaddr_in( $port, $iaddr );
- if ( !connect( SOCK, $sin ) ) {
- return "Failed to connect to $host:$port; unable to enable SSL";
- }
- close(SOCK);
- }
- return "";
-}
sub check_utf8 {
my $utf8 = shift;
+++ /dev/null
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# This Source Code Form is "Incompatible With Secondary Licenses", as
-# defined by the Mozilla Public License, v. 2.0.
-
-package Bugzilla::Config::Core;
-
-use 5.10.1;
-use strict;
-use warnings;
-
-use Bugzilla::Config::Common;
-
-our $sortkey = 100;
-
-use constant get_param_list => (
- {
- name => 'urlbase',
- type => 't',
- default => '',
- checker => \&check_urlbase
- },
-
- {
- name => 'ssl_redirect',
- type => 'b',
- default => 0
- },
-
- {
- name => 'sslbase',
- type => 't',
- default => '',
- checker => \&check_sslbase
- },
-
- {
- name => 'cookiepath',
- type => 't',
- default => '/'
- },
-);
-
-1;
"skins/yui3.css" => { perms => CGI_READ,
overwrite => 1,
contents => $yui3_all_css },
- "robots.txt" => { perms => CGI_READ,
- overwrite => 1,
- contents => \&robots_txt},
"httpd/env.conf" => { perms => CGI_READ,
overwrite => 1,
contents => \&HTTPD_ENV_CONF },
return $group_id;
}
-sub robots_txt {
- my $output = '';
- my %vars;
- Bugzilla::Hook::process("before_robots_txt", { vars => \%vars });
- Bugzilla->template->process("robots.txt.tmpl", \%vars, \$output)
- or die Bugzilla->template->error;
- return $output;
-}
-
1;
use Safe;
use Term::ANSIColor;
use Taint::Util qw(untaint);
+use Sys::Hostname qw(hostname);
use parent qw(Exporter);
},
{
name => 'diffpath',
- default => sub { dirname(bin_loc('diff')) },
+ default => sub { dirname( bin_loc('diff') ) },
},
{
- name => 'site_wide_secret',
+ name => 'site_wide_secret',
+
# 64 characters is roughly the equivalent of a 384-bit key, which
# is larger than anybody would ever be able to brute-force.
default => sub { generate_random_password(64) },
},
{
name => 'memcached_servers',
- default => _migrate_param("memcached_servers", ""),
+ default => _migrate_param( "memcached_servers", "" ),
},
{
name => 'memcached_namespace',
- default => _migrate_param("memcached_namespace", "bugzilla:"),
+ default => _migrate_param( "memcached_namespace", "bugzilla:" ),
+ },
+ {
+ name => 'urlbase',
+ default => _migrate_param( "urlbase", "" ),
},
+ {
+ name => 'attachment_base',
+ default => _migrate_param( "attachment_base", '' ),
+ }
);
+
use constant ENV_KEYS => (
(map { ENV_PREFIX . $_->{name} } LOCALCONFIG_VARS),
(map { ENV_PREFIX . $_ } PARAM_OVERRIDE),
# We add this header to uniquely identify all email that we
# send as coming from this Bugzilla installation.
#
- # We don't use correct_urlbase, because we want this URL to
- # *always* be the same for this Bugzilla, in every email,
- # even if the admin changes the "ssl_redirect" parameter some day.
- $email->header_set('X-Bugzilla-URL', Bugzilla->params->{'urlbase'});
+ $email->header_set('X-Bugzilla-URL', Bugzilla->localconfig->{urlbase});
# We add this header to mark the mail as "auto-generated" and
# thus to hopefully avoid auto replies.
else {
# Sendmail will automatically append our hostname to the From
# address, but other mailers won't.
- my $urlbase = Bugzilla->params->{'urlbase'};
+ my $urlbase = Bugzilla->localconfig->{urlbase};
$urlbase =~ m|//([^:/]+)[:/]?|;
$hostname = $1;
$from .= "\@$hostname" if $from !~ /@/;
$user_id = Bugzilla->user->id;
}
- my $sitespec = '@' . Bugzilla->params->{'urlbase'};
+ my $sitespec = '@' . Bugzilla->localconfig->{urlbase};
$sitespec =~ s/:\/\//\./; # Make the protocol look like part of the domain
$sitespec =~ s/^([^:\/]+):(\d+)/$1/; # Remove a port number, to relocate
if ($2) {
my $modified_query_string = $cgi->canonicalise_query(@params_to_strip);
if ($cgi->param('load')) {
- my $urlbase = correct_urlbase();
+ my $urlbase = Bugzilla->localconfig->{urlbase};
# Param 'load' asks us to display the query in the advanced search form.
print $cgi->redirect(-uri => "${urlbase}query.cgi?format=advanced&"
. $modified_query_string);
if ($searchstring !~ /,/ && !i_am_webservice()) {
# Single bug number; shortcut to show_bug.cgi.
print $cgi->redirect(
- -uri => correct_urlbase() . "show_bug.cgi?id=$searchstring");
+ -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$searchstring");
exit;
}
else {
if ($bug_id && Bugzilla->user->can_see_bug($bug_id) && !i_am_webservice()) {
$alias = url_quote($alias);
print Bugzilla->cgi->redirect(
- -uri => correct_urlbase() . "show_bug.cgi?id=$alias");
+ -uri => Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=$alias");
exit;
}
}
}
# Provide tooltips for full bug links (Bug 74355)
- my $urlbase_re = '(' . join('|',
- map { qr/$_/ } grep($_, Bugzilla->params->{'urlbase'},
- Bugzilla->params->{'sslbase'})) . ')';
+ my $urlbase_re = quotemeta(Bugzilla->localconfig->{urlbase});
$text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b
~($things[$count++] = $bug_link_func->($3, $1, { comment_num => $5, user => $user })) &&
("\x{FDD2}" . ($count-1) . "\x{FDD3}")
'sudoer' => sub { return Bugzilla->sudoer; },
# Allow templates to access the "corect" URLBase value
- 'urlbase' => sub { return Bugzilla::Util::correct_urlbase(); },
+ 'urlbase' => sub { return Bugzilla->localconfig->{urlbase}; },
# Allow templates to access docs url with users' preferred language
'docs_urlbase' => sub {
# (doing so can mess up XML-RPC).
sub do_ssl_redirect_if_required {
return if !i_am_cgi();
- return if !Bugzilla->params->{'ssl_redirect'};
-
- my $sslbase = Bugzilla->params->{'sslbase'};
+ my $uri = URI->new(Bugzilla->localconfig->{'urlbase'});
+ return if $uri->scheme ne 'https';
# If we're already running under SSL, never redirect.
- return if uc($ENV{HTTPS} || '') eq 'ON';
- # Never redirect if there isn't an sslbase.
- return if !$sslbase;
+ return if $ENV{HTTPS} && $ENV{HTTPS} eq 'on';
Bugzilla->cgi->redirect_to_https();
}
-sub correct_urlbase {
- my $ssl = Bugzilla->params->{'ssl_redirect'};
- my $urlbase = Bugzilla->params->{'urlbase'};
- my $sslbase = Bugzilla->params->{'sslbase'};
-
- if (!$sslbase) {
- return $urlbase;
- }
- elsif ($ssl) {
- return $sslbase;
- }
- else {
- # Return what the user currently uses.
- return (uc($ENV{HTTPS} || '') eq 'ON') ? $sslbase : $urlbase;
- }
-}
-
# Returns the real remote address of the client,
sub remote_ip {
my $remote_ip = $ENV{'REMOTE_ADDR'} || '127.0.0.1';
}
sub use_attachbase {
- my $attachbase = Bugzilla->params->{'attachment_base'};
- return ($attachbase ne ''
- && $attachbase ne Bugzilla->params->{'urlbase'}
- && $attachbase ne Bugzilla->params->{'sslbase'}) ? 1 : 0;
+ my $attachbase = Bugzilla->localconfig->{'attachment_base'};
+ my $urlbase = Bugzilla->localconfig->{'urlbase'};
+ return ($attachbase ne '' && $attachbase ne $urlbase);
}
sub diff_arrays {
# Functions that tell you about your environment
my $is_cgi = i_am_cgi();
my $is_webservice = i_am_webservice();
- my $urlbase = correct_urlbase();
+ my $urlbase = Bugzilla->localconfig->{urlbase};
# Data manipulation
($removed, $added) = diff_arrays(\@old, \@new);
Tells you whether or not the current usage mode is WebServices related
such as JSONRPC or XMLRPC.
-=item C<correct_urlbase()>
-
-Returns either the C<sslbase> or C<urlbase> parameter, depending on the
-current setting for the C<ssl_redirect> parameter.
-
=item C<remote_ip()>
Returns the IP address of the remote client. If Bugzilla is behind
# order to throw proper errors. We use the installation's urlbase as
# the id, in this case.
else {
- $id = correct_urlbase();
+ $id = Bugzilla->localconfig->{urlbase};
}
# Setting _bz_request_id here is required in case we throw errors early,
# before _handle.
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Hook;
-use Bugzilla::Util qw(correct_urlbase html_quote disable_utf8 enable_utf8);
+use Bugzilla::Util qw(html_quote disable_utf8 enable_utf8);
use Bugzilla::WebService::Constants;
use Bugzilla::WebService::Util qw(taint_data fix_credentials);
# also set up the correct handler method
my $obj = {
version => '1.1',
- id => correct_urlbase(),
+ id => Bugzilla->localconfig->{urlbase},
method => $self->bz_method_name,
params => $params
};
BUGZILLA_UNSAFE_AUTH_DELEGATION
This should never be set in production. It allows auth delegation over http.
+BMO_urlbase
+ The public url for this instance. Note that if this begins with https://
+ abd BMO_inbound_proxies is set to '*' Bugzilla will believe the connection to it
+ is using SSL.
+
+BMO_attachment_base
+ This is the url for attachments.
+ When the allow_attachment_display parameter is on, it is possible for a
+ malicious attachment to steal your cookies or perform an attack on Bugzilla
+ using your credentials.
+
+ If you would like additional security on attachments to avoid this, set this
+ parameter to an alternate URL for your Bugzilla that is not the same as
+ urlbase or sslbase. That is, a different domain name that resolves to this
+ exact same Bugzilla installation.
+
+ For added security, you can insert %bugid% into the URL, which will be
+ replaced with the ID of the current bug that the attachment is on, when you
+ access an attachment. This will limit attachments to accessing only other
+ attachments on the same bug. Remember, though, that all those possible domain
+ names (such as 1234.your.domain.com) must point to this same Bugzilla
+ instance.
+
BMO_db_driver
What SQL database to use. Default is mysql. List of supported databases can be
obtained by listing Bugzilla/DB directory - every module corresponds to one
'Bug updates are currently disabled.');
}
-# You must use the appropriate urlbase/sslbase param when doing anything
+# You must use the appropriate urlbase param when doing anything
# but viewing an attachment, or a raw diff.
if ($action ne 'view'
&& (($action !~ /^(?:interdiff|diff)$/) || $format ne 'raw'))
}
unless ($userid && $valid_token) {
# Not a valid token.
- print $cgi->redirect('-location' => correct_urlbase() . $path);
+ print $cgi->redirect('-location' => Bugzilla->localconfig->{urlbase} . $path);
exit;
}
# Change current user without creating cookies.
# make sure we were not going to request credentials on the
# alternate host.
Bugzilla->login();
- my $attachbase = Bugzilla->params->{'attachment_base'};
+ my $attachbase = Bugzilla->localconfig->{'attachment_base'};
# Replace %bugid% by the ID of the bug the attachment
# belongs to, if present.
$attachbase =~ s/\%bugid\%/$bug_id/;
Bugzilla::Hook::process('attachment_should_redirect_login', { do_redirect => \$do_redirect });
if ($do_redirect) {
- my $uri = URI->new(correct_urlbase() . 'attachment.cgi');
+ my $uri = URI->new(Bugzilla->localconfig->{urlbase} . 'attachment.cgi');
$uri->query_param(id => $attachment->id);
$uri->query_param(content_type => $contenttype) if $contenttype_override;
$url = $params->canonicalise_query('format', 'query_format');
$url = '&' . html_quote($url);
}
- print $cgi->redirect(-location => correct_urlbase() . "query.cgi?format=create-series$url");
+ print $cgi->redirect(-location => Bugzilla->localconfig->{urlbase} . "query.cgi?format=create-series$url");
}
else {
ThrowUserError('unknown_action', {action => $action});
}
my $lc_hash = Bugzilla->localconfig;
+unless ($switch{'no-database'}) {
+ die "urlbase is not set\n" unless $lc_hash->{urlbase};
+ die "urlbase must end with slash\n" unless $lc_hash->{urlbase} =~ m{/$}ms;
+ if ($lc_hash->{attachment_base}) {
+ die "attachment_base must end with slash\n" unless $lc_hash->{attachment_base} =~ m{/$}ms;
+ }
+}
+
###########################################################################
# Check --DATABASE-- setup
###########################################################################
# Reset the mod_perl pre-load list
unlink(Bugzilla::Constants::bz_locations()->{datadir} . '/mod_perl_preload');
- # Check if the default parameter for urlbase is still set, and if so, give
- # notification that they should go and visit editparams.cgi
- if (Bugzilla->params->{'urlbase'} eq '') {
- print "\n" . get_text('install_urlbase_default') . "\n"
- unless $silent;
- }
if (!$silent) {
success(get_text('install_success'));
}
.. _param-required-settings:
-Required Settings
-=================
-
-The core required parameters for any Bugzilla installation are set
-here. :param:`urlbase` is always required; the other parameters should be
-set, or it must be explicitly decided not to
-set them, before the new Bugzilla installation starts to be used.
-
-urlbase
- Defines the fully qualified domain name and web
- server path to this Bugzilla installation.
- For example, if the Bugzilla query page is
- :file:`http://www.foo.com/bugzilla/query.cgi`,
- the :param:`urlbase` should be set
- to :paramval:`http://www.foo.com/bugzilla/`.
-
-ssl_redirect
- If enabled, Bugzilla will force HTTPS (SSL) connections, by
- automatically redirecting any users who try to use a non-SSL
- connection. Also, when this is enabled, Bugzilla will send out links
- using :param:`sslbase` in emails instead of :param:`urlbase`.
-
-sslbase
- Defines the fully qualified domain name and web
- server path for HTTPS (SSL) connections to this Bugzilla installation.
- For example, if the Bugzilla main page is
- :file:`https://www.foo.com/bugzilla/index.cgi`,
- the :param:`sslbase` should be set
- to :paramval:`https://www.foo.com/bugzilla/`.
-
-cookiepath
- Defines a path, relative to the web document root, that Bugzilla
- cookies will be restricted to. For example, if the
- :param:`urlbase` is set to
- :file:`http://www.foo.com/bugzilla/`, the
- :param:`cookiepath` should be set to
- :paramval:`/bugzilla/`. Setting it to :paramval:`/` will allow all sites
- served by this web server or virtual host to read Bugzilla cookies.
-
-.. _param-general:
-
General
=======
allow_attachment_display
If this option is on, users will be able to view attachments from their browser, if their browser supports the attachment's MIME type. If this option is off, users are forced to download attachments, even if the browser is able to display them.
- If you do not trust your users (e.g. if your Bugzilla is public), you should either leave this option off, or configure and set the :param:`attachment_base` parameter (see below). Untrusted users may upload attachments that could be potentially damaging if viewed directly in the browser.
-
-attachment_base
- When the :param:`allow_attachment_display` parameter is on, it is possible for a malicious attachment to steal your cookies or perform an attack on Bugzilla using your credentials.
-
- If you would like additional security on attachments to avoid this, set this parameter to an alternate URL for your Bugzilla that is not the same as :param:`urlbase` or :param:`sslbase`. That is, a different domain name that resolves to this exact same Bugzilla installation.
-
- Note that if you have set the :param:`cookiedomain` parameter, you should set :param:`attachment_base` to use a domain that would not be matched by :param:`cookiedomain`.
-
- For added security, you can insert ``%bugid%`` into the URL, which will be replaced with the ID of the current bug that the attachment is on, when you access an attachment. This will limit attachments to accessing only other attachments on the same bug. Remember, though, that all those possible domain names (such as 1234.your.domain.com) must point to this same Bugzilla instance. To set this up you need to investigate wildcard DNS.
+ If you do not trust your users (e.g. if your Bugzilla is public), you should either leave this option off, or configure and set the attachment_base localconfig variable. Untrusted users may upload attachments that could be potentially damaging if viewed directly in the browser.
allow_attachment_deletion
If this option is on, administrators will be able to delete the contents
Advanced
========
-cookiedomain
- Defines the domain for Bugzilla cookies. This is typically left blank.
- If there are multiple hostnames that point to the same webserver, which
- require the same cookie, then this parameter can be utilized. For
- example, If your website is at
- ``https://bugzilla.example.com/``, setting this to
- :paramval:`.example.com/` will also allow
- ``attachments.example.com/`` to access Bugzilla cookies.
-
inbound_proxies
When inbound traffic to Bugzilla goes through a proxy, Bugzilla thinks that the IP address of the proxy is the IP address of every single user. If you enter a comma-separated list of IPs in this parameter, then Bugzilla will trust any ``X-Forwarded-For`` header sent from those IPs, and use the value of that header as the end user's IP address.
my $action = trim($cgi->param('action') || '');
my $token = $cgi->param('token');
-my $current_panel = $cgi->param('section') || 'core';
+my $current_panel = $cgi->param('section') || 'general';
$current_panel =~ /^([A-Za-z0-9_-]+)$/;
$current_panel = $1;
# Create an IT bug so Mozilla's DBAs so they can update the grants for metrics
- if (Bugzilla->params->{'urlbase'} ne 'https://bugzilla.mozilla.org/'
- && Bugzilla->params->{'urlbase'} ne 'https://bugzilla.allizom.org/')
+ if (Bugzilla->localconfig->{'urlbase'} ne 'https://bugzilla.mozilla.org/'
+ && Bugzilla->localconfig->{'urlbase'} ne 'https://bugzilla.allizom.org/')
{
return;
}
my $contribute = eval {
$json->decode(scalar read_file(bz_locations()->{cgi_path} . "/contribute.json"));
};
- my $commit = $ENV{CIRCLE_SHA1};
- unless ($commit) {
- $commit = `git rev-parse HEAD`;
- chomp $commit;
- }
if (!$contribute) {
die "Missing or invalid contribute.json file";
my $version_obj = {
source => $contribute->{repository}{url},
version => BUGZILLA_VERSION,
- commit => $commit // "unknown",
- build => $ENV{CIRCLE_BUILD_NUM} // "unknown",
+ commit => $ENV{CIRCLE_SHA1} // 'unknown',
+ build => $ENV{CIRCLE_BUILD_NUM} // 'unknown',
};
$create_files->{'version.json'} = {
use Bugzilla::Extension::BMO::Util;
use Bugzilla::Field;
use Bugzilla::FlagType;
-use Bugzilla::Util qw(correct_urlbase trick_taint validate_date);
+use Bugzilla::Util qw(trick_taint validate_date);
use JSON qw(-convert_blessed_universally);
use List::MoreUtils qw(uniq);
my $bugs = $dbh->selectcol_arrayref($query, undef, @params);
push @$bugs, 0 unless @$bugs;
- my $urlbase = correct_urlbase();
+ my $urlbase = Bugzilla->localconfig->{urlbase};
my $cgi = Bugzilla->cgi;
print $cgi->redirect(
-url => "${urlbase}buglist.cgi?bug_id=" . join(',', @$bugs)
use Bugzilla::Error;
use Bugzilla::Search;
use Bugzilla::Search::Quicksearch;
-use Bugzilla::Util 'correct_urlbase';
+use Bugzilla::Util ();
use Bugzilla::WebService::Util 'validate';
use JSON;
use LWP::UserAgent;
my $uri = URI->new($url);
$uri->query(undef);
$uri->fragment(undef);
- if ($uri->as_string ne correct_urlbase() . 'buglist.cgi') {
+ if ($uri->as_string ne Bugzilla->localconfig->{urlbase} . 'buglist.cgi') {
ThrowUserError('bitly_unsupported');
}
my $data = $search->data;
# form a bug_id only url, sanity check the length
- $uri = URI->new(correct_urlbase() . 'buglist.cgi?bug_id=' . join(',', map { $_->[0] } @$data));
+ $uri = URI->new(Bugzilla->localconfig->{urlbase} . 'buglist.cgi?bug_id=' . join(',', map { $_->[0] } @$data));
if (length($uri->as_string) > CGI_URI_LIMIT) {
ThrowUserError('bitly_failure', { message => "Too many bugs returned by search" });
}
# split see-also
if ($change->{fieldname} eq 'see_also') {
- my $url_base = correct_urlbase();
+ my $url_base = Bugzilla->localconfig->{urlbase};
foreach my $f (qw( added removed )) {
my @values;
foreach my $value (split(/, /, $change->{$f})) {
use Bugzilla::Product;
use Bugzilla::Status;
use Bugzilla::Field;
-use Bugzilla::Util qw(correct_urlbase);
+use Bugzilla::Util ();
use Bugzilla::Extension::BzAPI::Constants;
sub get_empty {
my ($self) = @_;
return {
- ref => $self->type('string', correct_urlbase() . "bzapi/"),
+ ref => $self->type('string', Bugzilla->localconfig->{urlbase} . "bzapi/"),
documentation => $self->type('string', BZAPI_DOC),
version => $self->type('string', BUGZILLA_VERSION)
};
use Bugzilla::Constants;
use Bugzilla::Extension::BzAPI::Constants;
use Bugzilla::Token;
-use Bugzilla::Util qw(correct_urlbase email_filter);
+use Bugzilla::Util qw(email_filter);
use Bugzilla::WebService::Util qw(filter_wants);
use MIME::Base64;
# Return an URL base appropriate for constructing a ref link
# normally required by REST API calls.
sub ref_urlbase {
- return correct_urlbase() . "bzapi";
+ return Bugzilla->localconfig->{urlbase} . "bzapi";
}
# convert certain fields within a bug object
use Digest;
use Bugzilla::Extension::GitHubAuth::Client::Error qw(ThrowUserError ThrowCodeError);
-use Bugzilla::Util qw(remote_ip correct_urlbase);
+use Bugzilla::Util qw(remote_ip);
use constant DIGEST_HASH => 'SHA1';
sub login_uri {
my ($class, $target_uri) = @_;
- my $uri = URI->new(correct_urlbase() . "github.cgi");
+ my $uri = URI->new(Bugzilla->localconfig->{urlbase} . "github.cgi");
$uri->query_form(target_uri => $target_uri);
return $uri;
}
client_id => Bugzilla->params->{github_client_id},
scope => 'user:email',
state => $state,
- redirect_uri => correct_urlbase() . "github.cgi",
+ redirect_uri => Bugzilla->localconfig->{urlbase} . "github.cgi",
);
return $uri;
use Scalar::Util qw(blessed);
use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER);
-use Bugzilla::Util qw(trick_taint correct_urlbase generate_random_password);
+use Bugzilla::Util qw(trick_taint generate_random_password);
use Bugzilla::Token qw(issue_short_lived_session_token set_token_extra_data);
use List::MoreUtils qw(any);
use Bugzilla::Extension::GitHubAuth::Client;
return sub {
my $email = shift;
- my $uri = URI->new(correct_urlbase() . "github.cgi");
+ my $uri = URI->new(Bugzilla->localconfig->{urlbase} . "github.cgi");
$uri->query_form( state => $state, email => $email );
return $uri;
};
use Bugzilla::User::Setting;
use Bugzilla::Constants;
use Bugzilla::Attachment;
-use Bugzilla::Util 'correct_urlbase';
+use Bugzilla::Util ();
our $VERSION = '1.5';
# split see-also
if ($change->{fieldname} eq 'see_also') {
- my $url_base = correct_urlbase();
+ my $url_base = Bugzilla->localconfig->{urlbase};
foreach my $f (qw( added removed )) {
my @values;
foreach my $value (split(/, /, $change->{$f})) {
$cgi->delete('token');
check_hash_token($token, ['login']);
- my $urlbase = new URI(correct_urlbase());
+ my $urlbase = new URI(Bugzilla->localconfig->{urlbase});
my $audience = $urlbase->scheme . "://" . $urlbase->host_port;
my $ua = new LWP::UserAgent( timeout => 10 );
use Bugzilla::Error;
use Bugzilla::Extension::Push::Util qw(is_public);
use Bugzilla::User;
-use Bugzilla::Util qw(correct_urlbase detaint_natural);
+use Bugzilla::Util qw(detaint_natural);
use Bugzilla::WebService::Constants;
use Bugzilla::Extension::PhabBugz::Constants;
return {
result => $result,
attachment_id => $attachment->id,
- attachment_link => correct_urlbase() . "attachment.cgi?id=" . $attachment->id
+ attachment_link => Bugzilla->localconfig->{urlbase} . "attachment.cgi?id=" . $attachment->id
};
}
if ($self->config->{queue}) {
$self->{queue_name} = $self->config->{queue};
} else {
- my $queue_name = Bugzilla->params->{'urlbase'};
+ my $queue_name = Bugzilla->localconfig->{'urlbase'};
$queue_name =~ s#^https?://##;
$queue_name =~ s#/$#|#;
$queue_name .= generate_random_password(16);
$request->content(to_json($data));
$request->authorization_basic($self->config->{service_now_user}, $self->config->{service_now_pass});
- $self->{lwp} ||= LWP::UserAgent->new(agent => Bugzilla->params->{urlbase});
+ $self->{lwp} ||= LWP::UserAgent->new(agent => Bugzilla->localconfig->{urlbase});
my $result = $self->{lwp}->request($request);
# http level errors
use Bugzilla::Extension::Push::Util;
use Bugzilla::Bug;
use Bugzilla::Attachment;
-use Bugzilla::Util qw(correct_urlbase);
+use Bugzilla::Util ();
use JSON qw(decode_json encode_json);
use LWP::UserAgent;
}
}
}
- $text .= correct_urlbase() . "show_bug.cgi?id=" . $bug->id;
+ $text .= Bugzilla->localconfig->{urlbase} . "show_bug.cgi?id=" . $bug->id;
my $room_id = $self->config->{spark_room_id};
my $message_uri = $self->_spark_uri('messages');
use Bugzilla::Group;
use Bugzilla::Object;
use Bugzilla::User;
-use Bugzilla::Util qw(correct_urlbase trim trick_taint is_7bit_clean);
+use Bugzilla::Util qw(trim trick_taint is_7bit_clean);
use Bugzilla::Error;
use Bugzilla::Mailer;
my $message;
my $email_type = $email->header('X-Bugzilla-Type');
my $vars = {
- 'urlbase' => correct_urlbase(),
+ 'urlbase' => Bugzilla->localconfig->{urlbase},
'bug_id' => $bug_id,
'maintainer' => Bugzilla->params->{'maintainer'},
'email_type' => $email_type
Data => $encrypted,
Object => 'MESSAGE',
Headers => {
- Comment => correct_urlbase() . ($bug_id ? 'show_bug.cgi?id=' . $bug_id : ''),
+ Comment => Bugzilla->localconfig->{urlbase} . ($bug_id ? 'show_bug.cgi?id=' . $bug_id : ''),
},
);
# until Crypt::OpenPGP makes the Version header optional we have to strip
our $VERSION = '1.0';
use Bugzilla::Constants qw(bz_locations ON_WINDOWS);
-use Bugzilla::Util qw(correct_urlbase get_text);
+use Bugzilla::Util qw(get_text);
use Bugzilla::Install::Filesystem;
use Bugzilla::Extension::SiteMapIndex::Constants;
sub install_before_final_checks {
my ($self) = @_;
- if (!correct_urlbase()) {
+ if (!Bugzilla->localconfig->{urlbase}) {
print STDERR get_text('sitemap_no_urlbase'), "\n";
return;
}
return;
}
- return if (correct_urlbase() ne 'https://bugzilla.mozilla.org/');
+ return if (Bugzilla->localconfig->{urlbase} ne 'https://bugzilla.mozilla.org/');
}
sub install_filesystem {
sub before_robots_txt {
my ($self, $args) = @_;
- $args->{vars}{SITEMAP_URL} = correct_urlbase() . SITEMAP_URL;
+ $args->{vars}{SITEMAP_URL} = Bugzilla->localconfig->{urlbase} . SITEMAP_URL;
}
__PACKAGE__->NAME;
use Bugzilla::Extension::SiteMapIndex::Constants;
-use Bugzilla::Util qw(correct_urlbase datetime_from url_quote);
+use Bugzilla::Util qw(datetime_from url_quote);
use Bugzilla::Constants qw(bz_locations);
use Scalar::Util qw(blessed);
foreach my $filename (@$filelist) {
$index_xml .= "
<sitemap>
- <loc>" . correct_urlbase() . "data/$extension_name/$filename</loc>
+ <loc>" . Bugzilla->localconfig->{urlbase} . "data/$extension_name/$filename</loc>
<lastmod>$timestamp</lastmod>
</sitemap>
";
sub _generate_sitemap_file {
my ($extension_name, $filecount, $products, $bugs) = @_;
- my $bug_url = correct_urlbase() . 'show_bug.cgi?id=';
- my $product_url = correct_urlbase() . 'describecomponents.cgi?product=';
+ my $bug_url = Bugzilla->localconfig->{urlbase} . 'show_bug.cgi?id=';
+ my $product_url = Bugzilla->localconfig->{urlbase} . 'describecomponents.cgi?product=';
my $sitemap_xml = <<END;
<?xml version="1.0" encoding="UTF-8"?>
sub get_review_base {
my $base = Bugzilla->params->{'splinter_base'};
$base =~ s!/$!!;
- my $urlbase = correct_urlbase();
+ my $urlbase = Bugzilla->localconfig->{urlbase};
$urlbase =~ s!/$!! if $base =~ "^/";
$base = $urlbase . $base;
return $base;
use lib qw(. lib local/lib/perl5);
use Bugzilla;
-use Bugzilla::Util qw( correct_urlbase );
+use Bugzilla::Util ();
use Bugzilla::Error;
use Bugzilla::Constants;
use Bugzilla::Token qw( issue_short_lived_session_token
use Bugzilla::Extension::GitHubAuth::Client;
my $cgi = Bugzilla->cgi;
-my $urlbase = correct_urlbase();
+my $urlbase = Bugzilla->localconfig->{urlbase};
if (lc($cgi->request_method) eq 'post') {
# POST requests come from Bugzilla itself and begin the GitHub login process
<IfDefine HTTPD_IN_SUBDIR>
Alias "/bmo" "/app"
</IfDefine>
+<IfDefine HTTPS>
+ SetEnv HTTPS on
+</IfDefine>
<Directory "/app">
Options -Indexes -FollowSymLinks
AllowOverride None
$log .= "Bug ${urlbase}show_bug.cgi?id=$bug_fields{'bug_id'} ";
$log .= "imported as bug $id.\n";
- $log .= $params->{"urlbase"} . "show_bug.cgi?id=$id\n\n";
+ $log .= Bugziilla->localconfig->{"urlbase"} . "show_bug.cgi?id=$id\n\n";
if ($err) {
$log .= "The following problems were encountered while creating bug $id.\n";
$log .= $err;
my $log = join("\n\n", @logs);
$log .= "\n\nImported $bugtotal bug(s) from $urlbase,\n sent by $exporter.\n";
my $subject = "$bugtotal Bug(s) successfully moved from $urlbase to "
- . $params->{"urlbase"};
+ . Bugzilla->localconfig->{"urlbase"};
my @to = ($exporter, $maintainer);
MailMessage( $subject, $log, @to );
if ($user_id && $user->in_group('admin')) {
# If 'urlbase' is not set, display the Welcome page.
- unless (Bugzilla->params->{'urlbase'}) {
+ unless (Bugzilla->localconfig->{'urlbase'}) {
$template->process('welcome-admin.html.tmpl')
or ThrowTemplateError($template->error());
exit;
push(@all_mail_results, $ref_sent);
}
- print $cgi->redirect(correct_urlbase() . 'show_bug.cgi?id='.$new_bug->bug_id);
+ print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'show_bug.cgi?id='.$new_bug->bug_id);
} else {
print $cgi->header();
$template->process("bug/new_bug.html.tmpl",
# redirect to enter_bug if no field is passed.
unless ($cgi->param()) {
- print $cgi->redirect(correct_urlbase() . 'enter_bug.cgi');
+ print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'enter_bug.cgi');
exit;
}
$answer{'diffpath'} = '/usr/bin';
$answer{'index_html'} = 0;
$answer{'interdiffbin'} = '/usr/bin/interdiff';
-$answer{'urlbase'} = 'http://localhost/bmo/';
$answer{'use_suexec'} = '';
$answer{'webservergroup'} = '%USER%';
# Set Parameters
##########################################################################
-# Some parameters must be turned on to create bugs requiring them.
-# They are also expected to be turned on by some webservice_*.t scripts.
-my ($urlbase, $sslbase);
-$urlbase = $config->{browser_url} . '/' . $config->{bugzilla_installation};
-$urlbase .= '/' unless $urlbase =~ /\/$/;
-
-if ($urlbase =~ /^https/) {
- $sslbase = $urlbase;
- $urlbase =~ s/^https(.+)$/http$1/;
-}
-
# Create missing priorities
# BMO uses P1-P5 which is different from upstream
my $field = Bugzilla::Field->new({ name => 'priority' });
}
my %set_params = (
- urlbase => $urlbase,
- sslbase => $sslbase,
usebugaliases => 1,
useqacontact => 1,
mail_delivery_method => 'Test',
go_to_admin($sel);
$sel->click_ok("link=Parameters", undef, "Go to the Config Parameters page");
$sel->wait_for_page_to_load(WAIT_TIME);
- $sel->title_is("Configuration: Required Settings");
- my $last_section = "Required Settings";
+ $sel->title_is("Configuration: General");
+ my $last_section = "General";
foreach my $section (keys %$params) {
if ($section ne $last_section) {
# No alternate host for attachments; cookies will be accessible.
-set_parameters($sel, { "Attachments" => {"allow_attachment_display-on" => undef,
- "reset-attachment_base" => undef} });
+set_parameters($sel, { "Attachments" => {"allow_attachment_display-on" => undef } });
go_to_bug($sel, $bug1_id);
$sel->click_ok("link=simple patch, v1");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_like(qr/^$bug1_id /);
-# Alternate host for attachments; no cookie should be accessible.
-
-set_parameters($sel, { "Attachments" => {"attachment_base" => {type => "text",
- value => "$config->{browser_ip_url}/$urlbase/"}} });
-go_to_bug($sel, $bug1_id);
-$sel->click_ok("link=simple patch, v1");
-$sel->wait_for_page_to_load_ok(WAIT_TIME);
-$sel->title_is("");
-@cookies = split(/[\s;]+/, $sel->get_cookie());
-$nb_cookies = scalar @cookies;
-ok(!$nb_cookies, "No cookies found");
-ok(!$sel->is_cookie_present("Bugzilla_login"), "Bugzilla_login not accessible");
-ok(!$sel->is_cookie_present("Bugzilla_logincookie"), "Bugzilla_logincookie not accessible");
-$sel->go_back_ok();
-$sel->wait_for_page_to_load_ok(WAIT_TIME);
-$sel->title_like(qr/^$bug1_id /);
-
-set_parameters($sel, { "Attachments" => {"reset-attachment_base" => undef} });
+# # Alternate host for attachments; no cookie should be accessible.
+
+# set_parameters($sel, { "Attachments" => {"attachment_base" => {type => "text",
+# value => "$config->{browser_ip_url}/$urlbase/"}} });
+# go_to_bug($sel, $bug1_id);
+# $sel->click_ok("link=simple patch, v1");
+# $sel->wait_for_page_to_load_ok(WAIT_TIME);
+# $sel->title_is("");
+# @cookies = split(/[\s;]+/, $sel->get_cookie());
+# $nb_cookies = scalar @cookies;
+# ok(!$nb_cookies, "No cookies found");
+# ok(!$sel->is_cookie_present("Bugzilla_login"), "Bugzilla_login not accessible");
+# ok(!$sel->is_cookie_present("Bugzilla_logincookie"), "Bugzilla_logincookie not accessible");
+# $sel->go_back_ok();
+# $sel->wait_for_page_to_load_ok(WAIT_TIME);
+# $sel->title_like(qr/^$bug1_id /);
#######################################################################
# Security bug 472362.
$sel->type_ok("Bugzilla_password", $config->{admin_user_passwd}, "Enter admin password");
$sel->click_ok("log_in");
$sel->wait_for_page_to_load_ok(WAIT_TIME);
-$sel->title_is("Configuration: Required Settings");
-$sel->click_ok("link=General");
-$sel->wait_for_page_to_load_ok(WAIT_TIME);
$sel->title_is("Configuration: General");
$sel->type_ok("shutdownhtml", "");
$sel->click_ok('//input[@type="submit" and @value="Save Changes"]', undef, "Save Changes");
if (!$action) {
# redirect to index.cgi if no action is defined.
- print $cgi->redirect(correct_urlbase() . 'index.cgi');
+ print $cgi->redirect(Bugzilla->localconfig->{urlbase} . 'index.cgi');
exit;
}
# prepare-sudo: Display the sudo information & login page
--- /dev/null
+#!/usr/bin/perl -T
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use 5.10.1;
+use strict;
+use warnings;
+
+use lib qw(. lib local/lib/perl5);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Update;
+use Digest::MD5 qw(md5_hex);
+use List::MoreUtils qw(any);
+
+# Check whether or not the user is logged in
+my $user = Bugzilla->login(LOGIN_OPTIONAL);
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+
+my %vars;
+print $cgi->header('text/plain');
+Bugzilla::Hook::process( "before_robots_txt", { vars => \%vars } );
+$template->process( "robots.txt.tmpl", \%vars )
+ or ThrowTemplateError( $template->error() );
});
print "Done!\n";
-my $urlbase = Bugzilla->params->{urlbase};
+my $urlbase = Bugzilla->localconfig->{urlbase};
print "Please visit ${urlbase}editfields.cgi?action=edit&name=$name to finish setting up this field.\n";
use strict;
use warnings;
use lib qw(/app /app/local/lib/perl5);
+use autodie qw(:all);
use Bugzilla::Install::Localconfig ();
use Bugzilla::Install::Util qw(install_string);
use Bugzilla::Test::Util qw(create_user);
+
use DBI;
use Data::Dumper;
-use English qw($EUID);
+use English qw(-no_match_vars $EUID);
use File::Copy::Recursive qw(dircopy);
use Getopt::Long qw(:config gnu_getopt);
+use IO::Async::Loop;
+use IO::Async::Process;
+use IO::Async::Signal;
+use IO::Async::Timer::Periodic;
use LWP::Simple qw(get);
use POSIX qw(WEXITSTATUS setsid);
+use Sys::Hostname;
use User::pwent;
-use IO::Async::Loop;
-use IO::Async::Process;
-use IO::Async::Timer::Periodic;
-use IO::Async::Signal;
+BEGIN {
+ STDOUT->autoflush(1);
+ STDERR->autoflush(1);
+}
use constant CI => $ENV{CI};
BMO_db_pass
BMO_memcached_namespace
BMO_memcached_servers
-)) unless $cmd eq 'shell';
+ BMO_urlbase
+));
+
+if ( $ENV{BMO_urlbase} eq 'AUTOMATIC' ) {
+ $ENV{BMO_urlbase} = sprintf 'http://%s:%d/%s', hostname(), $ENV{PORT}, $ENV{BZ_QA_LEGACY_MODE} ? 'bmo/' : '';
+ $ENV{BZ_BASE_URL} = sprintf 'http://%s:%d', hostname(), $ENV{PORT};
+}
$func->($opts->());
sub cmd_httpd {
check_data_dir();
wait_for_db();
- run( '/usr/sbin/httpd', '-DFOREGROUND', '-f', '/app/httpd/httpd.conf' );
+ check_httpd_env();
+ my @httpd_args = (
+ '-DFOREGROUND',
+ '-f' => '/app/httpd/httpd.conf',
+ );
+
+ # If we're behind a proxy and the urlbase says https, we must be using https.
+ # * basically means "I trust the load balancer" anyway.
+ if ($ENV{BMO_inbound_proxies} eq '*' && $ENV{BMO_urlbase} =~ /^https/) {
+ unshift @httpd_args, '-DHTTPS';
+ }
+ run( '/usr/sbin/httpd', @httpd_args );
}
sub cmd_load_test_data {
wait_for_db();
- die "BZ_QA_ANSWERS_FILE is not set" unless $ENV{BZ_QA_ANSWERS_FILE};
+ die 'BZ_QA_ANSWERS_FILE is not set' unless $ENV{BZ_QA_ANSWERS_FILE};
run( 'perl', 'checksetup.pl', '--no-template', $ENV{BZ_QA_ANSWERS_FILE} );
if ($ENV{BZ_QA_LEGACY_MODE}) {
prove_cmd => [
'prove', '-qf', '-I/app',
'-I/app/local/lib/perl5',
- sub { glob('webservice_*.t') },
+ sub { glob 'webservice_*.t' },
],
prove_dir => '/app/qa/t',
);
prove_cmd => [
'prove', '-qf', '-Ilib', '-I/app',
'-I/app/local/lib/perl5',
- sub { glob('test_*.t') }
+ sub { glob 'test_*.t' }
],
prove_dir => '/app/qa/t',
);
}
sub cmd_shell { run( 'bash', '-l' ); }
-sub cmd_prove { run( "prove", "-I/app", "-I/app/local/lib/perl5", @_ ); }
+sub cmd_prove {
+ my (@args) = @_;
+ run( 'prove', '-I/app', '-I/app/local/lib/perl5', @args );
+}
sub cmd_version { run( 'cat', '/app/version.json' ); }
sub cmd_test_bmo {
+ my (@prove_args) = @_;
check_data_dir();
wait_for_db();
$ENV{BZ_TEST_NEWBIE} = 'newbie@mozilla.example';
$ENV{BZ_TEST_NEWBIE_PASS} = 'captain.space.bagel.ROBOT!';
- create_user($ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}, realname => "Newbie User");
+ create_user($ENV{BZ_TEST_NEWBIE}, $ENV{BZ_TEST_NEWBIE_PASS}, realname => 'Newbie User');
$ENV{BZ_TEST_NEWBIE2} = 'newbie2@mozilla.example';
$ENV{BZ_TEST_NEWBIE2_PASS} = 'captain.space.pants.time.lord';
prove_with_httpd(
httpd_url => $ENV{BZ_BASE_URL},
httpd_cmd => [ '/usr/sbin/httpd', '-f', '/app/httpd/httpd.conf', '-DFOREGROUND' ],
- prove_cmd => [ "prove", "-I/app", "-I/app/local/lib/perl5", @_ ],
+ prove_cmd => [ 'prove', '-I/app', '-I/app/local/lib/perl5', @prove_args ],
);
}
sub prove_with_httpd {
my (%param) = @_;
- unless (-d "/app/logs") {
- mkdir("/app/logs") or die "unable to mkdir(/app/logs): $!\n";
+ check_httpd_env();
+
+ unless (-d '/app/logs') {
+ mkdir '/app/logs' or die "unable to mkdir(/app/logs): $!\n";
}
my $httpd_cmd = $param{httpd_cmd};
my $loop = IO::Async::Loop->new;
my $httpd_exit_f = $loop->new_future;
- warn "starting httpd\n";
+ say 'starting httpd';
my $httpd = IO::Async::Process->new(
code => sub {
setsid();
- exec(@$httpd_cmd);
+ exec @$httpd_cmd;
},
setup => [
- stdout => ["open", ">", "/app/logs/access.log"],
- stderr => ["open", ">", "/app/logs/error.log"],
+ stdout => ['open', '>', '/app/logs/access.log'],
+ stderr => ['open', '>', '/app/logs/error.log'],
],
on_finish => on_finish($httpd_exit_f),
on_exception => on_exception('httpd', $httpd_exit_f),
my $prove_exit_f = $loop->new_future;
my $prove = IO::Async::Process->new(
code => sub {
- chdir($param{prove_dir}) if $param{prove_dir};
+ chdir $param{prove_dir} if $param{prove_dir};
my @cmd = (map { ref $_ eq 'CODE' ? $_->() : $_ } @$prove_cmd);
warn "run @cmd\n";
- exec(@cmd);
+ exec @cmd;
},
on_finish => on_finish($prove_exit_f),
on_exception => on_exception('prove', $prove_exit_f),
my ($timer) = @_;
if ( $process->is_running ) {
my $resp = get("$url/__lbheartbeat__");
- if ($resp && $resp =~ /^httpd OK$/) {
+ if ($resp && $resp =~ /^httpd OK/) {
$timer->stop;
$is_running_f->done($resp);
}
}
elsif ( $process->is_exited ) {
$timer->stop;
- $is_running_f->fail("httpd process exited early");
+ $is_running_f->fail('httpd process exited early');
}
elsif ( $ticks++ > 60 ) {
$timer->stop;
}
sub copy_qa_extension {
- say "copying the QA extension...";
+ say 'copying the QA extension...';
dircopy('/app/qa/extensions/QA', '/app/extensions/QA');
}
my $dsn = "dbi:mysql:database=$c->{db_name};host=$c->{db_host}";
my $dbh;
foreach (1..12) {
- say "checking database..." if $_ > 1;
+ say 'checking database...' if $_ > 1;
$dbh = DBI->connect(
$dsn,
$c->{db_user},
);
last if $dbh;
say "database $dsn not available, waiting...";
- sleep(10);
+ sleep 10;
}
die "unable to connect to $dsn as $c->{db_user}\n" unless $dbh;
}
my ($f) = @_;
return sub {
my ($self, $exitcode) = @_;
+ say "exit code: $exitcode";
$f->done(WEXITSTATUS($exitcode));
};
}
sub check_user {
- die "Effective UID must be 10001!" unless $EUID == 10001;
+ die 'Effective UID must be 10001!' unless $EUID == 10_001;
my $user = getpwuid($EUID)->name;
die "Name of EUID must be app, not $user" unless $user eq 'app';
}
sub check_data_dir {
- die "/app/data must be writable by user 'app' (id: $EUID)" unless -w "/app/data";
- die "/app/data/params must exist" unless -f "/app/data/params";
+ die "/app/data must be writable by user 'app' (id: $EUID)" unless -w '/app/data';
+ die '/app/data/params must exist' unless -f '/app/data/params';
}
sub check_env {
my (@require_env) = @_;
my @missing_env = grep { not exists $ENV{$_} } @require_env;
if (@missing_env) {
- die "Missing required environmental variables: ", join(", ", @missing_env), "\n";
+ die 'Missing required environmental variables: ', join(', ', @missing_env), "\n";
}
}
+sub check_httpd_env {
+ check_env(qw(
+ HTTPD_StartServers
+ HTTPD_MinSpareServers
+ HTTPD_MaxSpareServers
+ HTTPD_ServerLimit
+ HTTPD_MaxClients
+ HTTPD_MaxRequestsPerChild
+ ))
+}
sub fix_path {
$ENV{PATH} = "/app/local/bin:$ENV{PATH}";
sub run {
my (@cmd) = @_;
say "+ @cmd";
- my $rv = system(@cmd);
+ my $rv = system @cmd;
if ($rv != 0) {
exit 1;
}
or warn install_string('chmod_failed', { path => $filename,
error => $! });
-my $urlbase = correct_urlbase();
+my $urlbase = Bugzilla->localconfig->{urlbase};
print $fh "digraph G {";
print $fh qq(
my $webdotbase = Bugzilla->params->{'webdotbase'};
if ($webdotbase =~ /^https?:/) {
- # Remote dot server. We don't hardcode 'urlbase' here in case
- # 'sslbase' is in use.
- $webdotbase =~ s/%([a-z]*)%/Bugzilla->params->{$1}/eg;
+ $webdotbase =~ s/%(?:sslbase|urlbase)%/Bugzilla->localconfig->{urlbase}/eg;
my $url = $webdotbase . $filename;
$vars->{'image_url'} = $url . ".gif";
$vars->{'map_url'} = $url . ".map";
$VAR1 = [
{
- 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitNoisyQuotes' => 29,
'Perl::Critic::Policy::Modules::RequireFilenameMatchesPackage' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitLongChainsOfMethodCalls' => 0,
'Perl::Critic::Policy::BuiltinFunctions::ProhibitComplexMappings' => 0,
'Perl::Critic::Policy::ControlStructures::ProhibitLabelsWithSpecialBlockNames' => 0,
'Perl::Critic::Policy::CodeLayout::ProhibitTrailingWhitespace' => 0,
- 'Perl::Critic::Policy::Variables::ProhibitUnusedVariables' => 0,
+ 'Perl::Critic::Policy::Variables::ProhibitUnusedVariables' => 1,
'Perl::Critic::Policy::Documentation::RequirePackageMatchesPodName' => 0,
'Perl::Critic::Policy::BuiltinFunctions::ProhibitUniversalCan' => 0,
'Perl::Critic::Policy::InputOutput::ProhibitJoinedReadline' => 0,
'Perl::Critic::Policy::InputOutput::ProhibitOneArgSelect' => 0,
'Perl::Critic::Policy::RegularExpressions::ProhibitSingleCharAlternation' => 16,
'Perl::Critic::Policy::Freenode::ModPerl' => 0,
- 'Perl::Critic::Policy::TestingAndDebugging::ProhibitNoWarnings' => 1,
+ 'Perl::Critic::Policy::TestingAndDebugging::ProhibitNoWarnings' => 0,
'Perl::Critic::Policy::Freenode::IndirectObjectNotation' => 0,
'Perl::Critic::Policy::Subroutines::ProhibitAmpersandSigils' => 0,
'Perl::Critic::Policy::ControlStructures::ProhibitUnreachableCode' => 0,
'Perl::Critic::Policy::CodeLayout::ProhibitQuotedWordLists' => 0,
'Perl::Critic::Policy::NamingConventions::ProhibitAmbiguousNames' => 0,
'Perl::Critic::Policy::Variables::ProhibitConditionalDeclarations' => 0,
- 'Perl::Critic::Policy::InputOutput::ProhibitExplicitStdin' => 1,
- 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitInterpolationOfLiterals' => 272,
+ 'Perl::Critic::Policy::ValuesAndExpressions::ProhibitInterpolationOfLiterals' => 255,
'Perl::Critic::Policy::Freenode::Wantarray' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitMismatchedOperators' => 0,
- 'Perl::Critic::Policy::InputOutput::RequireBracedFileHandleWithPrint' => 15,
- 'Perl::Critic::Policy::CodeLayout::RequireTidyCode' => 50,
+ 'Perl::Critic::Policy::InputOutput::RequireBracedFileHandleWithPrint' => 14,
'Perl::Critic::Policy::Subroutines::ProhibitBuiltinHomonyms' => 0,
'Perl::Critic::Policy::Modules::RequireExplicitPackage' => 0,
'Perl::Critic::Policy::CodeLayout::ProhibitHardTabs' => 0,
'Perl::Critic::Policy::Freenode::OverloadOptions' => 0,
'Perl::Critic::Policy::TestingAndDebugging::ProhibitProlongedStrictureOverride' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitLeadingZeros' => 0,
- 'Perl::Critic::Policy::CodeLayout::RequireTrailingCommas' => 3,
+ 'Perl::Critic::Policy::CodeLayout::RequireTrailingCommas' => 2,
'Perl::Critic::Policy::Miscellanea::ProhibitUnrestrictedNoCritic' => 0,
'Perl::Critic::Policy::BuiltinFunctions::ProhibitSleepViaSelect' => 0,
'Perl::Critic::Policy::RegularExpressions::ProhibitEscapedMetacharacters' => 3,
'Perl::Critic::Policy::NamingConventions::Capitalization' => 0,
- 'Perl::Critic::Policy::Modules::RequireNoMatchVarsWithUseEnglish' => 1,
- 'Perl::Critic::Policy::RegularExpressions::RequireLineBoundaryMatching' => 37,
- 'Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer' => 1,
+ 'Perl::Critic::Policy::Modules::RequireNoMatchVarsWithUseEnglish' => 0,
+ 'Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer' => 0,
'Perl::Critic::Policy::BuiltinFunctions::ProhibitVoidGrep' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::RequireUpperCaseHeredocTerminator' => 0,
'Perl::Critic::Policy::Miscellanea::ProhibitFormats' => 0,
'Perl::Critic::Policy::Variables::RequireInitializationForLocalVars' => 0,
- 'Perl::Critic::Policy::CodeLayout::ProhibitParensWithBuiltins' => 83,
+ 'Perl::Critic::Policy::CodeLayout::ProhibitParensWithBuiltins' => 76,
'Perl::Critic::Policy::RegularExpressions::ProhibitEnumeratedClasses' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitCommaSeparatedStatements' => 0,
'Perl::Critic::Policy::BuiltinFunctions::RequireBlockGrep' => 4,
'Perl::Critic::Policy::Modules::RequireEndWithOne' => 0,
'Perl::Critic::Policy::InputOutput::ProhibitTwoArgOpen' => 2,
'Perl::Critic::Policy::ValuesAndExpressions::RequireConstantVersion' => 0,
- 'Perl::Critic::Policy::InputOutput::RequireCheckedSyscalls' => 168,
+ 'Perl::Critic::Policy::InputOutput::RequireCheckedSyscalls' => 3,
'Perl::Critic::Policy::ValuesAndExpressions::RequireInterpolationOfMetachars' => 0,
'Perl::Critic::Policy::TestingAndDebugging::RequireUseStrict' => 0,
'Perl::Critic::Policy::ControlStructures::ProhibitUntilBlocks' => 0,
'Perl::Critic::Policy::Freenode::WarningsSwitch' => 19,
'Perl::Critic::Policy::RegularExpressions::ProhibitCaptureWithoutTest' => 0,
'Perl::Critic::Policy::Variables::ProhibitPunctuationVars' => 14,
- 'Perl::Critic::Policy::RegularExpressions::ProhibitFixedStringMatches' => 2,
+ 'Perl::Critic::Policy::RegularExpressions::ProhibitFixedStringMatches' => 1,
'Perl::Critic::Policy::ClassHierarchies::ProhibitOneArgBless' => 0,
'Perl::Critic::Policy::BuiltinFunctions::RequireSimpleSortBlock' => 0,
'Perl::Critic::Policy::InputOutput::RequireCheckedOpen' => 0,
'Perl::Critic::Policy::RegularExpressions::ProhibitUnusualDelimiters' => 1,
'Perl::Critic::Policy::RegularExpressions::ProhibitUselessTopic' => 0,
+ 'Perl::Critic::Policy::ValuesAndExpressions::RequireNumberSeparators' => 0,
'Perl::Critic::Policy::Variables::ProhibitAugmentedAssignmentInDeclaration' => 1,
- 'Perl::Critic::Policy::ValuesAndExpressions::RequireNumberSeparators' => 1,
'Perl::Critic::Policy::Freenode::DiscouragedModules' => 5,
'Perl::Critic::Policy::Subroutines::ProtectPrivateSubs' => 1,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitImplicitNewlines' => 55,
'Perl::Critic::Policy::Modules::RequireBarewordIncludes' => 0,
'Perl::Critic::Policy::InputOutput::ProhibitBarewordFileHandles' => 2,
- 'Perl::Critic::Policy::InputOutput::RequireCheckedClose' => 1,
+ 'Perl::Critic::Policy::InputOutput::RequireCheckedClose' => 0,
'Perl::Critic::Policy::ControlStructures::ProhibitDeepNests' => 0,
'Perl::Critic::Policy::ControlStructures::ProhibitCStyleForLoops' => 2,
'Perl::Critic::Policy::InputOutput::ProhibitReadlineInForLoop' => 0,
'Perl::Critic::Policy::Freenode::WhileDiamondDefaultAssignment' => 0,
'Perl::Critic::Policy::RegularExpressions::ProhibitUnusedCapture' => 0,
- 'Perl::Critic::Policy::InputOutput::ProhibitInteractiveTest' => 1,
'Perl::Critic::Policy::Modules::ProhibitAutomaticExportation' => 0,
- 'Perl::Critic::Policy::RegularExpressions::RequireDotMatchAnything' => 38,
- 'Perl::Critic::Policy::Subroutines::RequireArgUnpacking' => 2,
+ 'Perl::Critic::Policy::Subroutines::RequireArgUnpacking' => 0,
'Perl::Critic::Policy::RegularExpressions::RequireBracesForMultiline' => 0,
'Perl::Critic::Policy::Subroutines::ProhibitUnusedPrivateSubroutines' => 0,
'Perl::Critic::Policy::Documentation::RequirePodAtEnd' => 4,
'Perl::Critic::Policy::Subroutines::ProhibitReturnSort' => 0,
'Perl::Critic::Policy::ValuesAndExpressions::ProhibitQuotesAsQuotelikeOperatorDelimiters' => 0,
'Perl::Critic::Policy::Variables::RequireNegativeIndices' => 0,
- 'Perl::Critic::Policy::InputOutput::RequireBriefOpen' => 4
+ 'Perl::Critic::Policy::InputOutput::RequireBriefOpen' => 3
}
];
# Frédéric Buclin <LpSolit@gmail.com>
#%]
-[%
+[%
title = "Advanced"
desc = "Settings for advanced configurations."
%]
<a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">Strict-Transport-Security</a>
header along with HTTP responses on SSL connections. This adds greater
security to your SSL connections by forcing the browser to always
- access your domain over SSL and never accept an invalid certificate.
+ access your domain over SSL and never accept an invalid certificate.
However, it should only be used if you have the <code>ssl_redirect</code>
parameter turned on, [% terms.Bugzilla %] is the only thing running
on its domain (i.e., your <code>urlbase</code> is something like
[% END %]
[% param_descs = {
- cookiedomain =>
- "If your website is at 'www.foo.com', setting this to"
- _ " '.foo.com' will also allow 'bar.foo.com' to access"
- _ " $terms.Bugzilla cookies. This is useful if you have more than"
- _ " one hostname pointing at the same web server, and you"
- _ " want them to share the $terms.Bugzilla cookie.",
-
inbound_proxies =>
"When inbound traffic to $terms.Bugzilla goes through a proxy,"
_ " $terms.Bugzilla thinks that the IP address of every single"
_ " If set to a *, $terms.Bugzilla will trust the first value in the "
_ " X-Forwarded-For header.",
- proxy_url =>
+ proxy_url =>
"$terms.Bugzilla may have to access the web to get notifications about"
_ " new releases (see the <tt>upgrade_notification</tt> parameter)."
_ " If your $terms.Bugzilla server is behind a proxy, it may be"
_ "<p>It is highly recommended that you set the <tt>attachment_base</tt>"
_ " parameter if you turn this parameter on.",
- attachment_base =>
- "When the <tt>allow_attachment_display</tt> parameter is on, it is "
- _ " possible for a malicious attachment to steal your cookies or"
- _ " perform an attack on $terms.Bugzilla using your credentials."
- _ "<p>If you would like additional security on attachments to avoid"
- _ " this, set this parameter to an alternate URL for your $terms.Bugzilla"
- _ " that is not the same as <tt>urlbase</tt> or <tt>sslbase</tt>."
- _ " That is, a different domain name that resolves to this exact"
- _ " same $terms.Bugzilla installation.</p>"
- _ "<p>Note that if you have set the"
- _ " <a href=\"editparams.cgi?section=advanced#cookiedomain_desc\"><tt>cookiedomain</tt>"
- _" parameter</a>, you should set <tt>attachment_base</tt> to use a"
- _ " domain that would <em>not</em> be matched by"
- _ " <tt>cookiedomain</tt>.</p>"
- _ "<p>For added security, you can insert <tt>%bugid%</tt> into the URL,"
- _ " which will be replaced with the ID of the current $terms.bug that"
- _ " the attachment is on, when you access an attachment. This will limit"
- _ " attachments to accessing only other attachments on the same"
- _ " ${terms.bug}. Remember, though, that all those possible domain names "
- _ " (such as <tt>1234.your.domain.com</tt>) must point to this same"
- _ " $terms.Bugzilla instance.",
-
allow_attachment_deletion =>
"If this option is on, administrators will be able to delete " _
"the content of attachments.",
+++ /dev/null
-[%# The contents of this file are subject to the Mozilla Public
- # License Version 1.1 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a copy of
- # the License at http://www.mozilla.org/MPL/
- #
- # Software distributed under the License is distributed on an "AS
- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- # implied. See the License for the specific language governing
- # rights and limitations under the License.
- #
- # The Original Code is the Bugzilla Bug Tracking System.
- #
- # The Initial Developer of the Original Code is Netscape Communications
- # Corporation. Portions created by Netscape are
- # Copyright (C) 1998 Netscape Communications Corporation. All
- # Rights Reserved.
- #
- # Contributor(s): Dave Miller <justdave@bugzilla.org>
- # Frédéric Buclin <LpSolit@gmail.com>
- #%]
-
-[%
- title = "Required Settings"
- desc = "Settings that are required for proper operation of $terms.Bugzilla"
-%]
-
-[% param_descs = {
- urlbase => "The URL that is the common initial leading part of all $terms.Bugzilla " _
- "URLs.",
-
- sslbase => "The URL that is the common initial leading part of all HTTPS " _
- "(SSL) $terms.Bugzilla URLs.",
-
- ssl_redirect =>
- "When this is enabled, $terms.Bugzilla will ensure that every page is"
- _ " accessed over SSL, by redirecting any plain HTTP requests to HTTPS"
- _ " using the <tt>sslbase</tt> parameter. Also, when this is enabled,"
- _ " $terms.Bugzilla will send out links using <tt>sslbase</tt> in emails"
- _ " instead of <tt>urlbase</tt>.",
-
- cookiepath => "Path, relative to your web document root, to which to restrict " _
- "$terms.Bugzilla cookies. Normally this is the URI portion of your URL " _
- "base. Begin with a / (single slash mark). For instance, if " _
- "$terms.Bugzilla serves from 'http://www.somedomain.com/bugzilla/', set " _
- "this parameter to /bugzilla/. Setting it to / will allow " _
- "all sites served by this web server or virtual host to read " _
- "$terms.Bugzilla cookies.",
-} %]
<head>
[%- js_BUGZILLA = {
param => {
- cookiepath => Param('cookiepath'),
maxusermatches => Param('maxusermatches'),
},
constant => {
Disallow: /
Crawl-delay: 30
-[% IF NOT urlbase.matches("bugzilla-dev") %]
+[% IF NOT Bugzilla.localconfig.urlbase.matches("bugzilla-dev") %]
Allow: /$
Allow: /index.cgi
lc_old_vars => <<'END',
The following variables are no longer used in ##localconfig##, and
have been moved to ##old_file##: ##vars##
+END
+ localconfig_attachment_base => <<'END',
+When the runtime allow_attachment_display parameter is on, it is
+possible for a malicious attachment to steal your cookies or
+perform an attack using your credentials.
+
+If you would like additional security on attachments to avoid
+this, set this parameter to an alternate URL for your $terms.Bugzilla
+that is not the same as urlbase.
+That is, a different domain name that resolves to this exact
+same installation.
+
+For added security, you can insert %bugid% into the URL,
+which will be replaced with the ID of the current bug that
+the attachment is on, when you access an attachment. This will limit
+attachments to accessing only other attachments on the same
+bug. Remember, though, that all those possible domain names
+ must point to this same instance.
END
localconfig_create_htaccess => <<'END',
If you are using Apache as your web server, Bugzilla can create .htaccess
END
localconfig_memcached_servers => <<'END',
If this option is set, Bugzilla will integrate with Memcached.
-Specify one or more servers, separated by spaces, using hostname:port
+Specify one or more servers, separated by spaces, using hostname:port
notation (for example: 127.0.0.1:11211).
END
localconfig_memcached_namespace => <<'END',
This hash is used by BMO to override select data/params values on a per-webhead
basis. Keys set to undef will default to the value in data/params.
Only the keys listed below can be overridden.
+END
+ localconfig_urlbase => <<'END',
+The URL that is the common initial leading part of all URLs.
END
localconfig_use_suexec => <<'END',
Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
parameters for this installation; among others:</p>
<ul>
- <li><a href="editparams.cgi?section=core#urlbase_desc">urlbase</a>, which is the URL
- pointing to this installation and which will be used in emails (which is also the
- reason you see this page: as long as this parameter is not set, you will see this
- page again and again).</li>
-
- <li><a href="editparams.cgi?section=core#cookiepath_desc">cookiepath</a> is important
- for your browser to manage your cookies correctly.</li>
-
<li><a href="editparams.cgi?section=general#maintainer_desc">maintainer</a>,
the person responsible for this installation if something is
running wrongly.</li>
$user->update();
Bugzilla->logout();
- print Bugzilla->cgi->redirect(correct_urlbase());
+ print Bugzilla->cgi->redirect(Bugzilla->localconfig->{urlbase});
exit;
}
projects / thirdparty / bugzilla.git / commitdiff
