authorFrédéric Buclin <LpSolit@gmail.com>2016-03-21 23:18:07 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2016-03-21 23:18:07 +0100
commit6896e0469c6d9fd22252e2959da8bacb5ca99aa9 (patch)
treeac6a720e10076302b8cc780bfc038c364953dc1a
parentBug 1230932: Providing a condition as an ID to the webservice results in a ta... (diff)
downloadgentoo-bugzilla-6896e0469c6d9fd22252e2959da8bacb5ca99aa9.zip
gentoo-bugzilla-6896e0469c6d9fd22252e2959da8bacb5ca99aa9.tar.gz
gentoo-bugzilla-6896e0469c6d9fd22252e2959da8bacb5ca99aa9.tar.bz2
Bug 1255619: CGI scripts should not send duplicated headers
r/a=dkl
-rw-r--r--Bugzilla/CGI.pm5
-rwxr-xr-xeditclassifications.cgi2
-rwxr-xr-xeditgroups.cgi18
-rwxr-xr-xeditkeywords.cgi18
4 files changed, 7 insertions, 36 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 0b8a486..44c089a 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -66,7 +66,7 @@ sub new {
# else we will be redirected outside Bugzilla.
my $script_name = $self->script_name;
$path_info =~ s/^\Q$script_name\E//;
- if ($path_info) {
+ if ($script_name && $path_info) {
print $self->redirect($self->url(-path => 0, -query => 1));
}
}
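Review bot: The new `$script_name &&` guard has no comment saying when `script_name` is empty, and the existing comment above it only covers the IIS case. With an empty `$script_name` the substitution removes nothing, so any PATH_INFO stays on the request and no redirect is sent. I would add a line such as `# No redirect when script_name is empty (state which environment produces this); PATH_INFO is then kept as is.` so the skipped redirect reads as deliberate. The body of `new` starts and ends outside this hunk.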
@@ -283,7 +283,7 @@ sub close_standby_message {
print $self->multipart_end();
print $self->multipart_start(-type => $contenttype);
}
- else {
+ elsif (!$self->{_header_done}) {
print $self->header($contenttype);
}
}
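Review bot: `_header_done` is set when `header()` builds the header string (the line added in the `@@ -356` hunk), not when that string is written to the client, so this `elsif` also skips the header on any path where `header()` was called but its result was never printed. On such a path the body would go out with no Content-Type and without whatever the `cgi_headers` hook adds. If every caller prints the result at once this is safe, but that contract should be stated where the flag is set, e.g. `# Set when the header block is generated; callers must print it immediately.` `close_standby_message` starts outside this hunk.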
@@ -356,6 +356,7 @@ sub header {
Bugzilla::Hook::process('cgi_headers',
{ cgi => $self, headers => \%headers }
);
+ $self->{_header_done} = 1;
return $self->SUPER::header(%headers) || "";
}
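Review bot: `header()` records `_header_done` but never checks it, so only `close_standby_message` is protected and a second `print $cgi->header()` anywhere else still emits a second header block. The rest of this commit removes such calls by hand in the edit*.cgi scripts, which leaves the same mistake possible in other scripts and extensions. If no caller legitimately needs a second header block (multipart responses may, which is not visible here), an early `return "" if $self->{_header_done};` at the top of `header()` would enforce the rule in one place. The flag is also never cleared in the lines shown, so it assumes one CGI object per response. The body of `header` starts outside this hunk.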
diff --git a/editclassifications.cgi b/editclassifications.cgi
index ea4b139..640b8b8 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -27,7 +27,6 @@ local our $vars = {};
sub LoadTemplate {
my $action = shift;
- my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
$vars->{'classifications'} = [Bugzilla::Classification->get_all]
@@ -38,7 +37,6 @@ sub LoadTemplate {
$action =~ /(\w+)/;
$action = $1;
- print $cgi->header();
$template->process("admin/classifications/$action.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
diff --git a/editgroups.cgi b/editgroups.cgi
index 35989b9..f2c9155 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -135,8 +135,7 @@ sub get_current_and_available {
unless ($action) {
my @groups = Bugzilla::Group->get_all;
$vars->{'groups'} = \@groups;
-
- print $cgi->header();
+
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -155,12 +154,10 @@ if ($action eq 'changeform') {
get_current_and_available($group, $vars);
$vars->{'group'} = $group;
- $vars->{'token'} = issue_session_token('edit_group');
+ $vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -172,10 +169,9 @@ if ($action eq 'changeform') {
if ($action eq 'add') {
$vars->{'token'} = issue_session_token('add_group');
- print $cgi->header();
+
$template->process("admin/groups/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -204,7 +200,6 @@ if ($action eq 'new') {
get_current_and_available($group, $vars);
$vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -228,10 +223,8 @@ if ($action eq 'del') {
$vars->{'group'} = $group;
$vars->{'token'} = issue_session_token('delete_group');
- print $cgi->header();
$template->process("admin/groups/delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -255,7 +248,6 @@ if ($action eq 'delete') {
$vars->{'message'} = 'group_deleted';
$vars->{'groups'} = [Bugzilla::Group->get_all];
- print $cgi->header();
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -277,7 +269,6 @@ if ($action eq 'postchanges') {
$vars->{'changes'} = $changes;
$vars->{'token'} = issue_session_token('edit_group');
- print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -288,6 +279,7 @@ if ($action eq 'confirm_remove') {
$vars->{'group'} = $group;
$vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp'));
$vars->{'token'} = issue_session_token('remove_group_members');
+
$template->process('admin/groups/confirm-remove.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -326,10 +318,8 @@ if ($action eq 'remove_regexp') {
$vars->{'group'} = $group->name;
$vars->{'groups'} = [Bugzilla::Group->get_all];
- print $cgi->header();
$template->process("admin/groups/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
diff --git a/editkeywords.cgi b/editkeywords.cgi
index 41496f3..01f30db 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -24,10 +24,6 @@ my $dbh = Bugzilla->dbh;
my $template = Bugzilla->template;
my $vars = {};
-#
-# Preliminary checks:
-#
-
my $user = Bugzilla->login(LOGIN_REQUIRED);
print $cgi->header();
@@ -47,22 +43,16 @@ $vars->{'action'} = $action;
if ($action eq "") {
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
- print $cgi->header();
$template->process("admin/keywords/list.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
-
if ($action eq 'add') {
$vars->{'token'} = issue_session_token('add_keyword');
- print $cgi->header();
-
$template->process("admin/keywords/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
-
exit;
}
@@ -79,8 +69,6 @@ if ($action eq 'new') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_created';
$vars->{'name'} = $keyword->name;
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
@@ -104,7 +92,6 @@ if ($action eq 'edit') {
$vars->{'keyword'} = $keyword;
$vars->{'token'} = issue_session_token('edit_keyword');
- print $cgi->header();
$template->process("admin/keywords/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -128,8 +115,6 @@ if ($action eq 'update') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_updated';
$vars->{'keyword'} = $keyword;
$vars->{'changes'} = $changes;
@@ -147,7 +132,6 @@ if ($action eq 'del') {
$vars->{'keyword'} = $keyword;
$vars->{'token'} = issue_session_token('delete_keyword');
- print $cgi->header();
$template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -162,8 +146,6 @@ if ($action eq 'delete') {
delete_token($token);
- print $cgi->header();
-
$vars->{'message'} = 'keyword_deleted';
$vars->{'keyword'} = $keyword;
$vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();