Bug 567981 - Restore ability for page.cgi pages to contain . characters, but…

Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all. [r=mkanat a=mkanat]

Bug 567981 - Restore ability for page.cgi pages to contain . characters, but…
124c46d5 · Reed Loden · 38337477 · 124c46d5
Commit 124c46d5 authored Jul 08, 2010 by Reed Loden
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

page.cgi page.cgi +7 -3

No files found.
--- a/page.cgi
+++ b/page.cgi
@@ -66,9 +66,13 @@ my $template = Bugzilla->template;

 my $id = $cgi->param('id');
 if ($id) {
-    # Split into name and ctype, but be careful not to allow directory
-    # traversal.
-    $id =~ /^([\w\-\/]+)\.(\w+)$/;
+    # Be careful not to allow directory traversal.
+    if ($id =~ /\.\./) {
+        # two dots in a row is bad
+        ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
+    }
+    # Split into name and ctype.
+    $id =~ /^([\w\-\/\.]+)\.(\w+)$/;
    if (!$2) {
        # if this regexp fails to match completely, something bad came in
        ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });