diff options
| author | jocuri%softhome.net <> | 2003-10-08 02:15:35 +0000 |
|---|---|---|
| committer | jocuri%softhome.net <> | 2003-10-08 02:15:35 +0000 |
| commit | 6df993a22dd55cb29aad9b0c173b5dd0f54e42c7 (patch) | |
| tree | 8c800091c5828cb121788467a601acda4d15d5b2 | |
| parent | 7976d7b56f91bd291bbc086b9bc48cd593592040 (diff) | |
| download | bugs-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar bugs-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.gz bugs-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.bz2 bugs-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.tar.xz bugs-6df993a22dd55cb29aad9b0c173b5dd0f54e42c7.zip | |
Bug 213384: shutdownhtml login bypass via editparams.cgi is broken under suexec. r=kiko, a=justdave
| -rw-r--r-- | CGI.pl | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -55,7 +55,7 @@ use vars qw($template $vars); # to the user about the downtime. (do)editparams.cgi is exempted from # this message, of course, since it needs to be available in order for # the administrator to open Bugzilla back up. -if (Param("shutdownhtml") && $0 !~ m:[\\/](do)?editparams.cgi$:) { +if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) { $::vars->{'message'} = "shutdown"; # Return the appropriate HTTP response headers. |