authorReed Loden <reed@reedloden.com>2010-07-08 14:51:28 -0700
committerReed Loden <reed@reedloden.com>2010-07-08 14:51:28 -0700
commit124c46d598baca86873cf6cccab7ec64b5a599d5 (patch)
treefd13b920fdf750a0504772becf9f854af822b6be
parent383374778c025aebb1aaff1658b4024f0d0a58f7 (diff)
Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all.
[r=mkanat a=mkanat]
-rwxr-xr-xpage.cgi10
1 files changed, 7 insertions, 3 deletions
diff --git a/page.cgi b/page.cgi
index 5464789e7..a6a198d8b 100755
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,13 @@ my $template = Bugzilla->template;
my $id = $cgi->param('id');
if ($id) {
- # Split into name and ctype, but be careful not to allow directory
- # traversal.
- $id =~ /^([\w\-\/]+)\.(\w+)$/;
+ # Be careful not to allow directory traversal.
+ if ($id =~ /\.\./) {
+ # two dots in a row is bad
+ ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
+ }
+ # Split into name and ctype.
+ $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
if (!$2) {
# if this regexp fails to match completely, something bad came in
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });