From: Dylan William Hardison Date: Tue, 18 Oct 2016 16:53:01 +0000 (-0400) Subject: Bug 1310747 - SSRF X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e6736478603d9e881c12005e06845a25540fa4e;p=thirdparty%2Fbugzilla.git Bug 1310747 - SSRF
---
diff --git a/auth.cgi b/auth.cgi
index 86c1f656a..00e6b94d6 100755
--- a/auth.cgi
+++ b/auth.cgi
@@ -43,8 +43,8 @@ ThrowUserError("auth_delegation_invalid_description")
 unless $description =~ /^[\w\s]{3,255}$/;
 my $callback_uri = URI->new($callback);
-$callback_uri->scheme =~ /^https?$/
- or ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme });
+ThrowUserError('auth_delegation_illegal_protocol', { protocol => scalar $callback_uri->scheme })
+ unless $callback_uri->scheme eq 'https';
 my $callback_base = $callback_uri->clone;
 $callback_base->query(undef);
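Review bot: The new guard `unless $callback_uri->scheme eq 'https'` constrains only the scheme, so the host of `$callback_uri` is still whatever the requester supplied. If auth.cgi later makes a server-side request to the callback (that code is outside this hunk, so this is an assumption to confirm), an https URL naming a loopback, link-local or private address would still pass; a host check against registered callback origins, or a resolve-and-reject step for non-public addresses before any outbound request, would close that gap. Separately, `scheme` returns undef for a scheme-less value, so the `eq` comparison emits an uninitialized-value warning before the error is thrown; `unless ($callback_uri->scheme || '') eq 'https';` rejects the same input without the warning. A short comment above the check, such as `# https only: the callback receives a credential and must not be reachable over plaintext`, would record why plain http was dropped.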