Bug 513989 - large search query causing internal server error (500) but valid redirec...

r=mkanat, a=mkanat

diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 0e35aa0c6396dc679b2257eb92d24a20f2843c7f..e925a83b6f97f2ec274a976088957023fa598936 100644 (file)
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -161,6 +161,8 @@ use File::Basename;
 
     PASSWORD_DIGEST_ALGORITHM
     PASSWORD_SALT_LENGTH
+    
+    CGI_URI_LIMIT
 );
 
 @Bugzilla::Constants::EXPORT_OK = qw(contenttypes);
@@ -462,6 +464,11 @@ use constant PASSWORD_DIGEST_ALGORITHM => 'SHA-256';
 # of your users will be able to log in until they reset their passwords.
 use constant PASSWORD_SALT_LENGTH => 8;
 
+# Certain scripts redirect to GET even if the form was submitted originally
+# via POST such as buglist.cgi. This value determines whether the redirect
+# can be safely done or not based on the web server's URI length setting.
+use constant CGI_URI_LIMIT => 10000;
+
 sub bz_locations {
     # We know that Bugzilla/Constants.pm must be in %INC at this point.
     # So the only question is, what's the name of the directory

diff --git a/buglist.cgi b/buglist.cgi
index b6d642d6b0b4d7aa7e2f1089b423dd8fe0190795..5c7b6762d3cd1a0fca3a6c169335b1566c1400b2 100755 (executable)
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -85,9 +85,11 @@ if (grep { $_ =~ /^cmd\-/ } $cgi->param()) {
 #
 if ($cgi->request_method() eq 'POST') {
     $cgi->clean_search_url();
-
-    print $cgi->redirect(-url => $cgi->self_url());
-    exit;
+    my $uri_length = length($cgi->self_url());
+    if ($uri_length < CGI_URI_LIMIT) {
+        print $cgi->redirect(-url => $cgi->self_url());
+        exit;
+    }
 }
 
 # Determine whether this is a quicksearch query.