Skip to content

bugzilla
bugzilla
Commit 124c46d5 authored by Reed Loden's avatar Reed Loden
Browse files
Options

Bug 567981 - Restore ability for page.cgi pages to contain . characters, but…

Bug 567981 - Restore ability for page.cgi pages to contain . characters, but don't permit '..' at all. [r=mkanat a=mkanat]
parent 38337477
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 3 deletions
page.cgi
View file @ 124c46d5
...@@ -66,9 +66,13 @@ my $template = Bugzilla->template; ...@@ -66,9 +66,13 @@ my $template = Bugzilla->template;
my $id = $cgi->param('id'); my $id = $cgi->param('id');
if ($id) { if ($id) {
# Split into name and ctype, but be careful not to allow directory # Be careful not to allow directory traversal.
# traversal. if ($id =~ /\.\./) {
$id =~ /^([\w\-\/]+)\.(\w+)$/; # two dots in a row is bad
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
}
# Split into name and ctype.
$id =~ /^([\w\-\/\.]+)\.(\w+)$/;
if (!$2) { if (!$2) {
# if this regexp fails to match completely, something bad came in # if this regexp fails to match completely, something bad came in
ThrowCodeError("bad_page_cgi_id", { "page_id" => $id }); ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment