Bug 731219: Fix XMLRPC breakage when content-type contains a charset

r=dkl, a=LpSolit

Bug 731219: Fix XMLRPC breakage when content-type contains a charset
40e28180 · Byron Jones · ec2e4a09 · 40e28180
Commit 40e28180 authored Feb 29, 2012 by Byron Jones
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

XMLRPC.pm Bugzilla/WebService/Server/XMLRPC.pm +4 -1

No files found.
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -80,7 +80,10 @@ sub deserialize {
    my $self = shift;

    # Only allow certain content types to protect against CSRF attacks
-    if (!grep($_ eq $ENV{'CONTENT_TYPE'}, XMLRPC_CONTENT_TYPE_WHITELIST)) {
+    my $content_type = lc($ENV{'CONTENT_TYPE'});
+    # Remove charset, etc, if provided
+    $content_type =~ s/^([^;]+);.*/$1/;
+    if (!grep($_ eq $content_type, XMLRPC_CONTENT_TYPE_WHITELIST)) {
        ThrowUserError('xmlrpc_illegal_content_type',
                       { content_type => $ENV{'CONTENT_TYPE'} });
    }