diff options
author | lpsolit%gmail.com <> | 2005-12-12 11:55:46 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-12-12 11:55:46 +0100 |
commit | 545a57e3d1866c18cce29dae67da2bd48e775ef0 (patch) | |
tree | c5bd928be033661a661e2caf1b00718cad898595 | |
parent | c7bb724eb31f848e3d6f78fdcee5ee70ab0516ac (diff) | |
download | bugzilla-545a57e3d1866c18cce29dae67da2bd48e775ef0.tar.gz bugzilla-545a57e3d1866c18cce29dae67da2bd48e775ef0.tar.xz |
Bug 319241: Bugzilla.pm is freely accessible from the web - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=myk
-rwxr-xr-x | checksetup.pl | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/checksetup.pl b/checksetup.pl index 5d901b646..614d1d7aa 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -1014,7 +1014,7 @@ if ($my_create_htaccess) { open HTACCESS, '>', '.htaccess'; print HTACCESS <<'END'; # don't allow people to retrieve non-cgi executable files or our private data -<FilesMatch ^(.*\.pl|.*localconfig.*)$> +<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$> deny from all </FilesMatch> END @@ -1028,7 +1028,15 @@ END $oldaccess .= $_; } close HTACCESS; + my $repaired = 0; if ($oldaccess =~ s/\|localconfig\|/\|.*localconfig.*\|/) { + $repaired = 1; + } + if ($oldaccess !~ /\(\.\*\\\.pm\|/) { + $oldaccess =~ s/\(/(.*\\.pm\|/; + $repaired = 1; + } + if ($repaired) { print "Repairing .htaccess...\n"; open HTACCESS, '>', '.htaccess'; print HTACCESS $oldaccess; |