Closed Bug 329334 Opened 19 years ago Closed 19 years ago

User::match_field() may redirect you outside your Bugzilla installation

Categories

(Bugzilla :: Bugzilla-General, defect)

2.20.1
defect
Not set
normal

Tracking

RESOLVED FIXED
Bugzilla 2.20

People

(Reporter: LpSolit, Assigned: LpSolit)

Attachments

(1 file)

The problem is the same as in bug 325079, i.e. User::match_field() uses $ENV{'SCRIPT_NAME'} in the confirmation page to redirect you to the appropriate page. But if the URL is of the form http://foo.com//bugzilla/bar.cgi, you are redirected to //bugzilla/bar.cgi. That's what happened to me a few minutes ago.
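An added illustration, not part of the original report or the attached patch, of why a target of //bugzilla/bar.cgi leaves the installation: a browser resolves a reference that starts with // as scheme-relative, so "bugzilla" is read as the host. The URL is the one from the report; `sameDirTarget` is a hypothetical mitigation written for this example and is not claimed to be the fix that was checked in.

```javascript
// URL shape taken from the report; everything else here is constructed.
const PAGE_URL = "http://foo.com//bugzilla/bar.cgi";

// The path part of the request, which is what SCRIPT_NAME carried in the
// report (the doubled leading slash is preserved).
function scriptNameFor(pageUrl) {
  return new URL(pageUrl).pathname;
}

// Resolve a form action or redirect target the way a browser does,
// relative to the page that emitted it.
function resolveTarget(pageUrl, target) {
  return new URL(target, pageUrl);
}

// True when following `target` from `pageUrl` keeps the user on the same origin.
function staysOnOrigin(pageUrl, target) {
  return resolveTarget(pageUrl, target).origin === new URL(pageUrl).origin;
}

// Hypothetical mitigation (an assumption of this example): emit only the
// script's file name, so the reference is resolved against the current
// directory and can never start with "//" or carry a scheme.
function sameDirTarget(scriptName) {
  const last = scriptName.split("/").pop();
  if (!/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/.test(last)) {
    throw new Error("unexpected script name: " + JSON.stringify(scriptName));
  }
  return last;
}

const raw = scriptNameFor(PAGE_URL);
console.log(raw, "->", resolveTarget(PAGE_URL, raw).href);
const safe = sameDirTarget(raw);
console.log(safe, "->", resolveTarget(PAGE_URL, safe).href);
```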
Attached patch: patch, v1
Similar fix as in bug 325079, except I don't include Param('urlbase'), which is useless here.
Attachment #213987 - Flags: review?(myk)
Attachment #213987 - Flags: review?(myk) → review+
Flags: approval+
Flags: approval2.22+
Flags: approval2.20+
tip:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.104; previous revision: 1.103
done

2.22rc1:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.101.2.2; previous revision: 1.101.2.1
done

2.20.1:

Checking in Bugzilla/User.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/User.pm,v <-- User.pm
new revision: 1.61.2.19; previous revision: 1.61.2.18
done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
*** Bug 281644 has been marked as a duplicate of this bug. ***
Flags: testcase?