Commit 9a80c1ff authored by Reed Loden's avatar Reed Loden Committed by Max Kanat-Alexander

Bug 434801: [SECURITY] .htaccess doesn't prevent reading old-params.txt from the web

Patch by Reed Loden <reed@reedloden.com> r=mkanat a=LpSolit
parent 532196b8
...@@ -221,7 +221,7 @@ sub update_params { ...@@ -221,7 +221,7 @@ sub update_params {
# --- REMOVE OLD PARAMS --- # --- REMOVE OLD PARAMS ---
my %oldparams; my %oldparams;
# Remove any old params, put them in old-params.txt # Remove any old params
foreach my $item (keys %$param) { foreach my $item (keys %$param) {
if (!grep($_ eq $item, map ($_->{'name'}, @param_list))) { if (!grep($_ eq $item, map ($_->{'name'}, @param_list))) {
$oldparams{$item} = $param->{$item}; $oldparams{$item} = $param->{$item};
...@@ -229,13 +229,16 @@ sub update_params { ...@@ -229,13 +229,16 @@ sub update_params {
} }
} }
# Write any old parameters to old-params.txt
my $datadir = bz_locations()->{'datadir'};
my $old_param_file = "$datadir/old-params.txt";
if (scalar(keys %oldparams)) { if (scalar(keys %oldparams)) {
my $op_file = new IO::File('old-params.txt', '>>', 0600) my $op_file = new IO::File($old_param_file, '>>', 0600)
|| die "old-params.txt: $!"; || die "Couldn't create $old_param_file: $!";
print "The following parameters are no longer used in Bugzilla,", print "The following parameters are no longer used in Bugzilla,",
" and so have been\nmoved from your parameters file into", " and so have been\nmoved from your parameters file into",
" old-params.txt:\n"; " $old_param_file:\n";
local $Data::Dumper::Terse = 1; local $Data::Dumper::Terse = 1;
local $Data::Dumper::Indent = 0; local $Data::Dumper::Indent = 0;
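Review bot: The `0600` passed to `new IO::File($old_param_file, '>>', 0600)` has no effect, because IO::File only forwards the permissions argument to sysopen when the mode is numeric; with a string mode such as '>>' it falls back to plain open and the file is created under the process umask. The dump can contain the values of retired parameters, so the file should be owner-only from the moment it is created rather than depending on a later permissions pass (the FILESYSTEM entry added in this commit presumably provides that, but it runs separately). Suggest `new IO::File($old_param_file, O_WRONLY | O_APPEND | O_CREAT, 0600)`, assuming the O_ constants are in scope in this file. update_params begins and ends outside the hunk.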
......
...@@ -139,6 +139,7 @@ sub FILESYSTEM { ...@@ -139,6 +139,7 @@ sub FILESYSTEM {
'docs/*/README.docs' => { perms => $owner_readable }, 'docs/*/README.docs' => { perms => $owner_readable },
"$datadir/bugzilla-update.xml" => { perms => $ws_writeable }, "$datadir/bugzilla-update.xml" => { perms => $ws_writeable },
"$datadir/params" => { perms => $ws_writeable }, "$datadir/params" => { perms => $ws_writeable },
"$datadir/old-params.txt" => { perms => $owner_readable },
"$extensionsdir/create.pl" => { perms => $owner_executable }, "$extensionsdir/create.pl" => { perms => $owner_executable },
); );
...@@ -369,6 +370,12 @@ sub update_filesystem { ...@@ -369,6 +370,12 @@ sub update_filesystem {
_rename_file($testfile, "$testfile.old"); _rename_file($testfile, "$testfile.old");
} }
# If old-params.txt exists in the root directory, move it to datadir.
my $oldparamsfile = "old_params.txt";
if (-e $oldparamsfile) {
_rename_file($oldparamsfile, "$datadir/$oldparamsfile");
}
_create_files(%files); _create_files(%files);
if ($params->{index_html}) { if ($params->{index_html}) {
_create_files(%{$fs->{index_html}}); _create_files(%{$fs->{index_html}});
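Review bot: The migration block added to update_filesystem tests for `old_params.txt` (underscore), while update_params wrote the file as `old-params.txt` (hyphen), and the comment directly above the new lines uses the hyphenated name too. As written, `-e $oldparamsfile` will not match the file this fix is meant to relocate, so an existing copy stays in the web-accessible root directory after an upgrade. The assignment should read `my $oldparamsfile = "old-params.txt";`. It is also worth confirming what `_rename_file` does when `$datadir/old-params.txt` already exists, since its body is not shown here; update_filesystem itself starts and ends outside the hunk.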
......