Bug 1255619: CGI scripts should not send duplicated headers

r/a=dkl

Bug 1255619: CGI scripts should not send duplicated headers
6896e046 · Frédéric Buclin · 6e0182e5 · 6896e046 · 6896e046 · 6896e046
Commit 6896e046 authored Mar 21, 2016 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 36 deletions

CGI.pm Bugzilla/CGI.pm +3 -2

editclassifications.cgi editclassifications.cgi +0 -2

editgroups.cgi editgroups.cgi +4 -14

editkeywords.cgi editkeywords.cgi +0 -18

No files found.
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -66,7 +66,7 @@ sub new {
            # else we will be redirected outside Bugzilla.
            my $script_name = $self->script_name;
            $path_info =~ s/^\Q$script_name\E//;
-            if ($path_info) {
+            if ($script_name && $path_info) {
                print $self->redirect($self->url(-path => 0, -query => 1));
            }
        }
@@ -283,7 +283,7 @@ sub close_standby_message {
        print $self->multipart_end();
        print $self->multipart_start(-type => $contenttype);
    }
-    else {
+    elsif (!$self->{_header_done}) {
        print $self->header($contenttype);
    }
 }
@@ -356,6 +356,7 @@ sub header {
    Bugzilla::Hook::process('cgi_headers',
        { cgi => $self, headers => \%headers }
    );
+    $self->{_header_done} = 1;

    return $self->SUPER::header(%headers) || "";
 }

--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -27,7 +27,6 @@ local our $vars = {};

 sub LoadTemplate {
    my $action = shift;
-    my $cgi = Bugzilla->cgi;
    my $template = Bugzilla->template;

    $vars->{'classifications'} = [Bugzilla::Classification->get_all]
@@ -38,7 +37,6 @@ sub LoadTemplate {

    $action =~ /(\w+)/;
    $action = $1;
-    print $cgi->header();
    $template->process("admin/classifications/$action.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;

--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -135,8 +135,7 @@ sub get_current_and_available {
 unless ($action) {
    my @groups = Bugzilla::Group->get_all;
    $vars->{'groups'} = \@groups;
-    
-    print $cgi->header();
+
    $template->process("admin/groups/list.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -155,12 +154,10 @@ if ($action eq 'changeform') {

    get_current_and_available($group, $vars);
    $vars->{'group'} = $group;
-    $vars->{'token'}       = issue_session_token('edit_group');
+    $vars->{'token'} = issue_session_token('edit_group');

-    print $cgi->header();
    $template->process("admin/groups/edit.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-
    exit;
 }

@@ -172,10 +169,9 @@ if ($action eq 'changeform') {

 if ($action eq 'add') {
    $vars->{'token'} = issue_session_token('add_group');
-    print $cgi->header();
+
    $template->process("admin/groups/create.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-    
    exit;
 }

@@ -204,7 +200,6 @@ if ($action eq 'new') {
    get_current_and_available($group, $vars);
    $vars->{'token'} = issue_session_token('edit_group');

-    print $cgi->header();
    $template->process("admin/groups/edit.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -228,10 +223,8 @@ if ($action eq 'del') {
    $vars->{'group'} = $group;
    $vars->{'token'} = issue_session_token('delete_group');

-    print $cgi->header();
    $template->process("admin/groups/delete.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-    
    exit;
 }

@@ -255,7 +248,6 @@ if ($action eq 'delete') {
    $vars->{'message'} = 'group_deleted';
    $vars->{'groups'} = [Bugzilla::Group->get_all];

-    print $cgi->header();
    $template->process("admin/groups/list.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -277,7 +269,6 @@ if ($action eq 'postchanges') {
    $vars->{'changes'} = $changes;
    $vars->{'token'} = issue_session_token('edit_group');

-    print $cgi->header();
    $template->process("admin/groups/edit.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -288,6 +279,7 @@ if ($action eq 'confirm_remove') {
    $vars->{'group'} = $group;
    $vars->{'regexp'} = CheckGroupRegexp($cgi->param('regexp'));
    $vars->{'token'} = issue_session_token('remove_group_members');
+
    $template->process('admin/groups/confirm-remove.html.tmpl', $vars)
        || ThrowTemplateError($template->error());
    exit;
@@ -326,10 +318,8 @@ if ($action eq 'remove_regexp') {
    $vars->{'group'} = $group->name;
    $vars->{'groups'} = [Bugzilla::Group->get_all];

-    print $cgi->header();
    $template->process("admin/groups/list.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-
    exit;
 }


--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -24,10 +24,6 @@ my $dbh = Bugzilla->dbh;
 my $template = Bugzilla->template;
 my $vars = {};

-#
-# Preliminary checks:
-#
-
 my $user = Bugzilla->login(LOGIN_REQUIRED);

 print $cgi->header();
@@ -47,22 +43,16 @@ $vars->{'action'} = $action;
 if ($action eq "") {
    $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();

-    print $cgi->header();
    $template->process("admin/keywords/list.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-
    exit;
 }
-    

 if ($action eq 'add') {
    $vars->{'token'} = issue_session_token('add_keyword');

-    print $cgi->header();
-
    $template->process("admin/keywords/create.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
-
    exit;
 }

@@ -79,8 +69,6 @@ if ($action eq 'new') {

    delete_token($token);

-    print $cgi->header();
-
    $vars->{'message'} = 'keyword_created';
    $vars->{'name'} = $keyword->name;
    $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();
@@ -104,7 +92,6 @@ if ($action eq 'edit') {
    $vars->{'keyword'} = $keyword;
    $vars->{'token'} = issue_session_token('edit_keyword');

-    print $cgi->header();
    $template->process("admin/keywords/edit.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -128,8 +115,6 @@ if ($action eq 'update') {

    delete_token($token);

-    print $cgi->header();
-
    $vars->{'message'} = 'keyword_updated';
    $vars->{'keyword'} = $keyword;
    $vars->{'changes'} = $changes;
@@ -147,7 +132,6 @@ if ($action eq 'del') {
    $vars->{'keyword'} = $keyword;
    $vars->{'token'} = issue_session_token('delete_keyword');

-    print $cgi->header();
    $template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
      || ThrowTemplateError($template->error());
    exit;
@@ -162,8 +146,6 @@ if ($action eq 'delete') {

    delete_token($token);

-    print $cgi->header();
-
    $vars->{'message'} = 'keyword_deleted';
    $vars->{'keyword'} = $keyword;
    $vars->{'keywords'} = Bugzilla::Keyword->get_all_with_bug_count();