Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
9a80c1ff
Commit
9a80c1ff
authored
Feb 01, 2010
by
Reed Loden
Committed by
Max Kanat-Alexander
Feb 01, 2010
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 434801: [SECURITY] .htaccess doesn't prevent reading old-params.txt from the web
Patch by Reed Loden <reed@reedloden.com> r=mkanat a=LpSolit
parent
532196b8
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
14 additions
and
4 deletions
+14
-4
Config.pm
Bugzilla/Config.pm
+7
-4
Filesystem.pm
Bugzilla/Install/Filesystem.pm
+7
-0
No files found.
Bugzilla/Config.pm
View file @
9a80c1ff
...
@@ -221,7 +221,7 @@ sub update_params {
...
@@ -221,7 +221,7 @@ sub update_params {
# --- REMOVE OLD PARAMS ---
# --- REMOVE OLD PARAMS ---
my
%
oldparams
;
my
%
oldparams
;
# Remove any old params
, put them in old-params.txt
# Remove any old params
foreach
my
$item
(
keys
%
$param
)
{
foreach
my
$item
(
keys
%
$param
)
{
if
(
!
grep
(
$_
eq
$item
,
map
(
$_
->
{
'name'
},
@param_list
)))
{
if
(
!
grep
(
$_
eq
$item
,
map
(
$_
->
{
'name'
},
@param_list
)))
{
$oldparams
{
$item
}
=
$param
->
{
$item
};
$oldparams
{
$item
}
=
$param
->
{
$item
};
...
@@ -229,13 +229,16 @@ sub update_params {
...
@@ -229,13 +229,16 @@ sub update_params {
}
}
}
}
# Write any old parameters to old-params.txt
my
$datadir
=
bz_locations
()
->
{
'datadir'
};
my
$old_param_file
=
"$datadir/old-params.txt"
;
if
(
scalar
(
keys
%
oldparams
))
{
if
(
scalar
(
keys
%
oldparams
))
{
my
$op_file
=
new
IO::
File
(
'old-params.txt'
,
'>>'
,
0600
)
my
$op_file
=
new
IO::
File
(
$old_param_file
,
'>>'
,
0600
)
||
die
"
old-params.txt
: $!"
;
||
die
"
Couldn't create $old_param_file
: $!"
;
print
"The following parameters are no longer used in Bugzilla,"
,
print
"The following parameters are no longer used in Bugzilla,"
,
" and so have been\nmoved from your parameters file into"
,
" and so have been\nmoved from your parameters file into"
,
"
old-params.txt
:\n"
;
"
$old_param_file
:\n"
;
local
$
Data::Dumper::
Terse
=
1
;
local
$
Data::Dumper::
Terse
=
1
;
local
$
Data::Dumper::
Indent
=
0
;
local
$
Data::Dumper::
Indent
=
0
;
...
...
Bugzilla/Install/Filesystem.pm
View file @
9a80c1ff
...
@@ -139,6 +139,7 @@ sub FILESYSTEM {
...
@@ -139,6 +139,7 @@ sub FILESYSTEM {
'docs/*/README.docs'
=>
{
perms
=>
$owner_readable
},
'docs/*/README.docs'
=>
{
perms
=>
$owner_readable
},
"$datadir/bugzilla-update.xml"
=>
{
perms
=>
$ws_writeable
},
"$datadir/bugzilla-update.xml"
=>
{
perms
=>
$ws_writeable
},
"$datadir/params"
=>
{
perms
=>
$ws_writeable
},
"$datadir/params"
=>
{
perms
=>
$ws_writeable
},
"$datadir/old-params.txt"
=>
{
perms
=>
$owner_readable
},
"$extensionsdir/create.pl"
=>
{
perms
=>
$owner_executable
},
"$extensionsdir/create.pl"
=>
{
perms
=>
$owner_executable
},
);
);
...
@@ -369,6 +370,12 @@ sub update_filesystem {
...
@@ -369,6 +370,12 @@ sub update_filesystem {
_rename_file
(
$testfile
,
"$testfile.old"
);
_rename_file
(
$testfile
,
"$testfile.old"
);
}
}
# If old-params.txt exists in the root directory, move it to datadir.
my
$oldparamsfile
=
"old_params.txt"
;
if
(
-
e
$oldparamsfile
)
{
_rename_file
(
$oldparamsfile
,
"$datadir/$oldparamsfile"
);
}
_create_files
(
%
files
);
_create_files
(
%
files
);
if
(
$params
->
{
index_html
})
{
if
(
$params
->
{
index_html
})
{
_create_files
(
%
{
$fs
->
{
index_html
}});
_create_files
(
%
{
$fs
->
{
index_html
}});
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment